From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Is this Grsecurity patch issue going to harm IPFire going forward? Date: Fri, 11 Sep 2015 15:53:14 +0100 Message-ID: <1441983194.4141.32.camel@ipfire.org> In-Reply-To: <55F05FE6.5040100@web.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8956895532354307218==" List-Id: --===============8956895532354307218== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit On Wed, 2015-09-09 at 18:35 +0200, IT Superhack wrote: > Michael Tremer: > > On Mon, 2015-08-31 at 12:08 +0200, IT Superhack wrote: > > > Michael Tremer: > > > > I certainly like the idea to help funding the project. However > > > > I do > > > > not > > > > see any point in raising money to give to the lawyers to defend > > > > the > > > > trademark or to sue because of the GPL violation. That money > > > > could > > > > certainly be used better than being given to the lawyers. > > > I agree with Michael. Raising money just for giving them to > > > lawyers > > > is > > > not a very good solution in my point of view. > > > > > > In the past, I noticed that there were patches send to grsecurity > > > coming > > > from the IPFire team. Therefore, I guess there might be a way to > > > get > > > out > > > of this situation. > > > > What does that change? > It is usually much easier to solve a conflict if both sides already > know > each other and cooperated in the past... (Not sure if it works here, > but > usually, it does.) Yes, we try out best, but I am afraid that in the end we cannot make a huge difference to this whole mess. Haven't heard anything from Brad in the mean time... > > > Remember Transifex? On their website, they said that open-source > > > projects don't need to pay anything, commercial projects need to > > > do > > > so. > > > I like this idea because it takes the money from those who can > > > afford > > > to > > > pay it, and not from everybody. Maybe Brad and the PaX team would > > > agree > > > to this... > > > > This is very easy to do with services and not so easy with > > software. We > > don't have a license for that, either. I personally would not > > consider > > this being a good option because free software should be free for > > every > > one. > Of course, it would conflict with the definition of "free" software. > But > in my opinion, it is better to restrict the freedom than to ruin your > project, and I think that's what the grsecurity team did (which is > understandable to me). The grsecurity project is not ruined. At least not the software. That the situation is not making things easier is undoubtedly true. I just do not see a way that makes it possible to run a project "half -open". Either you publish the code or not. If you open it for one group, what would stop an other group from taking it? We have seen that this company in question does not really about any licensing any way. I am also not entirely sure if that what Brad does is a good solution. First of all grsecurity is not usable for most of its users since most likely they will all use the "stable" version. But this patch modifies lots of kernel code which is licensed under the terms of the GPL. Modifications of that must be made public. I do not know what will be released and when, but I think that this cannot be a permanent solution any way. > > > > > > > > > > Just donate to the projects you use and love. Every single bit > > > > does > > > > help. It will sum up soon. > > > I have a general question here: How much users does IPFire has? > > > (Once > > > Michael said if everybody running an IPFire system would donate > > > 1€ > > > per > > > month, worries about funding would become obsolete.) > > > > We do not know exactly how many systems are out there. If you count > > users that would be an extremely higher number than instances, > > because > > we know that there are many with hundreds and thousands of users. > Of course, but I'm sure there is a way of telling the amount (1 000? > 100 > 000? 1 Million?) of systems, isn't it? We do have fireinfo and based on the data of that an estimation of how many systems there are out there. However we do not know how accurate that is. Probably not very much. > > > > I said that in my talk at the last IPFire summit, that if we had > > one > > Euro for each running system a month, we would have enough money to > > run > > the project in a different way :) > Ah, okay, that was it. I am not sure if that is obvious or not: Our situation has not improved a single bit since then. It has even become slightly worse. So if you know someone who can become a sponsor, ask them to get in touch with us. Best, -Michael > > > Best regards, > Timmothy Wilson > > --===============8956895532354307218== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSlY4dXJhQUFvSkVJQjU4UDl2a0FrSDlaUVFBSUdsejB6ZDBSQndYSndhbUp4TER6ZWcK OEF0NUVTZ0xkdmM1QmtBdk5oVElZRm13b2U5WGZMQWdub0JhaW8waFFuWXdqVFhhcFp3M2ZNSlVP cG9uZGRiOAp5WHNmMVpHc2dFSzdWQUtIQ2RRc0VoWUJqNXc0SldveTIyN01vUWU3RFJyeHhNV1dr eTFqREVNYWNzVXZKUnBKCmtBWE9UaXord25ZTVFDcGw3Q3NWT3RHZFo4TDN4Q0RqRXM5SlBEQjQx aDVoT3Voc1JBWmRvL1gwMEFXSUxzL1cKR1J0QURGNkxGWjNTTVJuQUx0MER6OWRMOTNtN1RBU1ll NU1ydFVpbXA1a29jSVUxTU5oazQyZzVHSG8zQ3kxTAo5WkVJU09OUVl1ck05eFFQZmlVNDZqYjJj emRrVTFZQ0xjSE1KZzNHQy9IOFgrRi9mcElHWU9JaFQrOWo4N2hyClJicVFUV2tOaEVHOVRzSkdT dk5zVG1qUVBMU2ZiRHZaNFlTd25vVzI2VVNjOUV5ZXhpV1k2NUV2c1JNcmliMm8KdHc3N2lDT0Yy Q093N2VsQVhPMjlSeHhQZW5uYXg4WWxIOVFJOW1SbHcwVEtLdWJzQ042VXR6dXJuWGE4OUc0TQpq Nk9xWXVFeGxCUWt2bTk1YWFnanNGR0ZCbjAxTnpkKzEzOXNFK0t2M0RPaVZId21xZEIxeXFZdkpx ZEFuZU5rCjRxaDBlRk1kbkdsU29xMExBN3ppOGs3TkpHbVdESDVRbFZzYmU2Q2x1WjNrdjFEQlVF Z1hKVXhJbzk5Nm5WYzYKbXBDakZQREFMTlJESVZ3dUFUMFlHTlNXblJxM2h6dk9tdEpxbkN5Yk1r R25yZ1VyUmF4Tm5oT0VsaHpYU1pZbQpxOWJZVVRIRVpUdGNnbWtLY1hXVQo9QXhmZQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============8956895532354307218==--