Hi!
On Sat, Apr 29, 2017 at 07:46:10PM +0300, Alex Efros wrote:
> Thanks! But isn't this mean you forbid all Linux distributions (including
> commercial ones like RedHat) to be GrSec/PaX subscribers (in case they
> like to spend some money for it)? I.e. this decision will ensure majority
> of Linux systems will never ever have GrSec/PaX
If no one is replies on this yet because that's sad truth, then may I ask
why don't you like to solve this in some way?
For example, you can continue publishing source of GrSec/PaX versions, but
use license which allows using it for free only for personal use and small
business (say, less than 10-20 computers) on usual desktop/server PC.
This way all server/desktop Linux distributions will be able to include
alternative hardened kernel or have alternative hardened variant of
overall distribution, but end-user will have to decide is they can use it
for free or should subscribe or avoid using it.
For Android phones/tablets and embedded devices you can make separate
clause in license to let you get some money from Google and companies
developing embedded devices if they will like to use GrSec/PaX, without
forbidding such a possibility at all (rumours are current subscription
options require to limit amount of installations, which is surely doesn't
makes sense for Android).
This way you shouldn't lose any money comparing to current situation,
it also solve mentioned before issues when bad companies sell unsupported
and modified GrSec variant and use "grsecurity" for marketing own
products. Plus you'll continue wide-test your patch with Gentoo Hardened
and some other distribution users and have your patch available for any
external audit which is always good for security product's karma.
If there are no good reasons to reject proposed solution and no
alternatives to let people continue using GrSec/PaX for personal/small
business use, then, yeah, conspiracy theories and three-letter-agencies
start coming to mind - just because they wins more than anybody else
including yourself if all Linux distributions won't have GrSec/PaX anymore.
--
WBR, Alex.
