Re: Is this Grsecurity patch issue going to harm IPFire going forward?

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 4284 bytes --]

On Wed, 2015-09-09 at 18:35 +0200, IT Superhack wrote:
> Michael Tremer:
> > On Mon, 2015-08-31 at 12:08 +0200, IT Superhack wrote:
> > > Michael Tremer:
> > > > I certainly like the idea to help funding the project. However
> > > > I do
> > > > not
> > > > see any point in raising money to give to the lawyers to defend
> > > > the
> > > > trademark or to sue because of the GPL violation. That money
> > > > could
> > > > certainly be used better than being given to the lawyers.
> > > I agree with Michael. Raising money just for giving them to
> > > lawyers
> > > is
> > > not a very good solution in my point of view.
> > > 
> > > In the past, I noticed that there were patches send to grsecurity
> > > coming
> > > from the IPFire team. Therefore, I guess there might be a way to
> > > get
> > > out
> > > of this situation.
> > 
> > What does that change?
> It is usually much easier to solve a conflict if both sides already
> know
> each other and cooperated in the past... (Not sure if it works here,
> but
> usually, it does.)

Yes, we try out best, but I am afraid that in the end we cannot make a
huge difference to this whole mess. Haven't heard anything from Brad in
the mean time...

> > > Remember Transifex? On their website, they said that open-source
> > > projects don't need to pay anything, commercial projects need to
> > > do
> > > so.
> > > I like this idea because it takes the money from those who can
> > > afford
> > > to
> > > pay it, and not from everybody. Maybe Brad and the PaX team would
> > > agree
> > > to this...
> > 
> > This is very easy to do with services and not so easy with
> > software. We
> > don't have a license for that, either. I personally would not
> > consider
> > this being a good option because free software should be free for
> > every
> > one.
> Of course, it would conflict with the definition of "free" software.
> But
> in my opinion, it is better to restrict the freedom than to ruin your
> project, and I think that's what the grsecurity team did (which is
> understandable to me).

The grsecurity project is not ruined. At least not the software. That
the situation is not making things easier is undoubtedly true.

I just do not see a way that makes it possible to run a project "half
-open". Either you publish the code or not. If you open it for one
group, what would stop an other group from taking it? We have seen that
this company in question does not really about any licensing any way.

I am also not entirely sure if that what Brad does is a good solution.
First of all grsecurity is not usable for most of its users since most
likely they will all use the "stable" version. But this patch modifies
lots of kernel code which is licensed under the terms of the GPL.
Modifications of that must be made public. I do not know what will be
released and when, but I think that this cannot be a permanent solution
any way.

> > 
> > > > 
> > > > Just donate to the projects you use and love. Every single bit
> > > > does
> > > > help. It will sum up soon.
> > > I have a general question here: How much users does IPFire has?
> > > (Once
> > > Michael said if everybody running an IPFire system would donate
> > > 1€
> > > per
> > > month, worries about funding would become obsolete.)
> > 
> > We do not know exactly how many systems are out there. If you count
> > users that would be an extremely higher number than instances,
> > because
> > we know that there are many with hundreds and thousands of users.
> Of course, but I'm sure there is a way of telling the amount (1 000?
> 100
> 000? 1 Million?) of systems, isn't it?

We do have fireinfo and based on the data of that an estimation of how
many systems there are out there. However we do not know how accurate
that is. Probably not very much.

> > 
> > I said that in my talk at the last IPFire summit, that if we had
> > one
> > Euro for each running system a month, we would have enough money to
> > run
> > the project in a different way :)
> Ah, okay, that was it.

I am not sure if that is obvious or not: Our situation has not improved
a single bit since then. It has even become slightly worse. So if you
know someone who can become a sponsor, ask them to get in touch with
us.

Best,
-Michael

> > 
> Best regards,
> Timmothy Wilson
> 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]