From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Is this Grsecurity patch issue going to harm IPFire going forward? Date: Fri, 28 Aug 2015 12:29:12 +0100 Message-ID: <1440761352.18358.65.camel@ipfire.org> In-Reply-To: <55DF5A25.7000607@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3562708681802103925==" List-Id: --===============3562708681802103925== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hi, the short answer is: Probably not. The long answer is: Yes, it will certainly have an impact on the security of many Linux-based systems. IPFire is only one of them. The technical issue for us will be that kernel updates won't be as easy for us since we will need to make work that is usually done in the grsecurity project. Frankly we do not have the expertise for that. Even if we had we would have the time and it won't make sense to do the same work multiple times. I find that this is a great loss for the free software world. If all free software projects see themselves forced to remove their code from "the market" there would not be much left. We all fight the same issues here, since our software is used by companies which make lots of money out of it and do development work based on IPFire but do not give anything back. The grsecurity case is a very severe case though. Sure it is free software in the end and we all wouldn't do free software if we didn't know this from the beginning. We do not expect money from every single user, because other things are even more important. But at the end of the day money is needed to run the project. If someone is paying that from their own pocket and an other one is making the huge profit, something is *clearly* wrong. Therefore I can personally understand Brad and the PaX team very well and I understand that they see this is a threat to their name and future work. So we dearly *hope* that this entire dispute can be settled and Brad is not forced to make the stable patches only available for the "sponsors" which are paying customers then. This will be a huge loss for IPFire and all its users as well as many other projects that rely on grsecurity. Hope this answers your question. Best, -Michael On Thu, 2015-08-27 at 14:42 -0400, William Pechter wrote: > Important Notice Regarding Public Availability of Stable > Patches > > > Due to continued violations by several companies in the embedded > industry of grsecurity^® 's trademark and registered copyrights, > effective September 9th 2015 stable patches of grsecurity will be > permanently unavailable to the general public. *For more information, > read the full announcement. > > https://www.grsecurity.net/announce.php > * > --===============3562708681802103925== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSlY0RVlJQUFvSkVJQjU4UDl2a0FrSHlBa1Avakh0RGFXMnIrR21NcHNvT3NTdmYrYTMK cTFiUHp2RlZnMzMrTXU0YlZqWDJ1WEQ3TE8rN3ZDZ0FLYVJ4OUdkY0wyY1RkUGlMM00yTGlpeFZV MXRpQjNhTApTZHVqNE03WEt3Sit5MkdVWmp0VWdibGRBQ0JhWWNkOTRIUlhsVmVJZytSVTd1aDJQ QzFkYm1jOHpQeW5mVmVhCkV2RXdnOXkvNDNxdWZqRFZ0UGRmS3FCK0JlbW5xcysrQzNJZkk0cDJy bjRRSDBzNHNaSU1kRk5XQUUvME51WS8KNEd3ZEFsamlsTWJqUnptQU4rcUhTbUVlc2VkRjlXTkxl ZjJYMzhtb3FNYk5jYjJlL1h4VUVNMCtIaW5UWnB3agpoSXFablhDQ1MyVElRZ20wTmIvN2cyNlEr cWZIQXZEUUN6V0JzZWdVWExkVlg1dTlaVE5OZE44THpNQWJHbTh3CkRmTWJEVVMxWHBzWThaelI2 SWJZbVZscHp3TEdRbzJqNy9RNXVrUmhBMXF4bFRNdkFQKzh1YlBabklWbm1TZmsKUTJzSDIrV3hq NUNWbXRCbll5QW40bHRBYTQ5NUFiOGhKREVWNGFTTEZMNU5nTU14YzdCUk5wQ2tDbDdsamlwSApV UUdmUTZ0dG0yL3RMRWRvcmxQT3EveWRBVDJpY3c5RTNSTW9lNk1sVk1tRVl3OURwMFU5K2F2dy96 akdPY0VJClRpcFBocGRsQ1JZK0Jlak1FbnN3WTFpNW5wQU5DdkpUbTRCN0taSEpQLzFmUDFXSk8v b3F5cURZcy9Kb3VIMGwKZ0RSd0xseW1penVnR2ZaSmZjb3RUcXV2OSs1TG44TWVzdEhmdXBEYmdn RHFrUmxadWh4aGVSYlI2VkZ2SXRMRwpaUlIxcjM3Z0JwM0xvcEI3bXVIMwo9Y3FHVAotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============3562708681802103925==--