From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Is this Grsecurity patch issue going to harm IPFire going forward?
Date: Fri, 28 Aug 2015 17:15:52 +0100
Message-ID: <1440778552.18358.77.camel@ipfire.org>
In-Reply-To: <55E07429.6060008@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1552187294691508752=="
List-Id:

--===============1552187294691508752==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

On Fri, 2015-08-28 at 10:46 -0400, William Pechter wrote:
> Michael Tremer wrote:
> > Sure it is free software in the end and we all wouldn't do free
> > software if we didn't know this from the beginning. We do not
> > expect money from every single user, because other things are even
> > more important. But at the end of the day money is needed to run
> > the project. If someone is paying that from their own pocket and
> > another one is making the huge profit, something is *clearly* wrong.
> Thank you for the in depth answer...
>
> I hope there's someone out there who will leak the name of the large
> company so there's a change in their behavior and a loss of
> at least a little of their customer base.

There are various speculations out there about who it could have been.
Probably every big business is guilty of not supporting the software
they use.

Remember when Heartbleed "uncovered" that two guys did OpenSSL in their
spare time? Many companies relied on this software and no one really
supported the project. After that they got ridiculous amounts of money.
I am not convinced that the solution is to throw this money onto the
project in the case that a severe issue is discovered.

> Unfortunately, there's big money in computer security these days and
> some large companies have been buying up the Open Source
> products.

I don't think that this money is invested in real security. People buy
solutions that look like security but they are not.
People like scanning proxies that search for viruses and forget about
making TLS completely useless. These are the products that sell for
money. Under-the-hood improvements like grsecurity do not look as nice
on a flyer and won't convince the customer to buy anything.

> I remember when Cisco replaced their sensor box under Solaris
> (IIRC it was Solaris, not SCO) with a Linux customized box
> with Snort...
>
> Perhaps the Open Source community needs to pool resources in some
> kind of cooperative to keep these projects going.
>
> At least Snort is still available after the Cisco buyout. It could
> have been worse and been an Oracle purchase which usually causes a
> pull of the open source version from the net.

Snort is still available, but I think that development has not really
advanced much since then. They are commercially exploiting a nice Open
Source project. I am not too deep in this - this is just my impression.

Some projects are better if they are left independent and big companies
sponsor them instead of owning them.

-Michael

>
> Bill
>

--===============1552187294691508752==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

--===============1552187294691508752==--