Date: Fri, 5 May 2017 01:12:37 +0800 From: Shawn <citypw@...il.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>, Mathias Krause <minipli@...glemail.com>, Daniel Cegiełka <daniel.cegielka@...il.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: It looks like there will be no more public versions of PaX and Grsec. Hi Greg On Fri, May 5, 2017 at 12:03 AM, Greg KH <gregkh@...uxfoundation.org> wrote: > On Thu, May 04, 2017 at 10:11:04PM +0800, Shawn wrote: >> That announcement only represented the POV from a group of ppl. From >> my( and other ppl from HardenedLinux) perspective, Linux foundation is >> a commercial company and very good at PR but zero integrity to us. > > A slight correction here please. The LF is a non-profit organization > set up to promote Linux and allow companies who want to see Linux > succeed, get together and do this. The LF happens to sponsor a few > kernel developers (me and Linus), but they can not tell us what to do at > all. > Oh, that's new to me. LF is a non-profit organization. Maybe some "rumors" isn't true: I thought LF hired two "sales" people in HK last year? Can you confirm that? Otherwise, which NGO's runner has $344,220 salary per year? http://news.idg.no/cw/art.cfm?id=5A9F8343-BAA1-6432-72A26555784BF05E LF is growing so fast, look at that. Compensation is seems very promising even in 2013: https://projects.propublica.org/nonprofits/organizations/460503801 $499,705 is the total compensation in 2014? Wow..why this magic number? Because $500,000 would be excessive? http://pdfs.citizenaudit.org/2016_02_EO/46-0503801_990O_201412.pdf > They also are a place that companies have come together to help with the > state of security in the Linux and Open Source ecosystem, starting CII > which offers grants to anyone who wants to get paid to do security work > (new features, support, audits, etc.) CII doesn't make any money, it > gives money away! Of course it does press releases saying what projects > it funds in order to get other projects and people to submit project > proposals to continue this work. I know of at least 2 new kernel > security projects that recently got funding because of this. > > So there is no "integrity" that the LF can, or can not, have when it > comes to anyone here as the LF doesn't actually _do_ anything when it > comes to kernel development (again, other than funding 2 developers > directly). > I'm curious what's your offical relationship with Google? Cu'z you have this account( gregkh@...gle.com) from Google: https://android.googlesource.com/kernel/common.git/+/e88bb963b88d5579805b90e8d505739692095042 But you seems still working for LF, aren't you?: https://www.linuxfoundation.org/about/linux-foundation-fellows >> They don't respect individuals and the community. > > That's a load of crap, really. The LF has always had a kernel community > developer as a full board member, and sponsors conferences, travel > funding, hardware acquisition, intern programs, and lots of other stuff. > I don't know of any kernel community request that the LF has _not_ > funded, do you? > Really? That's also new to me. Let me give you some hints: The Linux Foundation: Not a Friend of Desktop Linux, the GPL, or Openness: http://fossforce.com/2017/04/lin-desktop-linux-gpl-openness/ OpenSSL after Heartbleed: https://lwn.net/Articles/703000/ Linux Foundation quietly drops community representation: https://mjg59.dreamwidth.org/39546.html > The LF is all about making the whole community work well together, and > that includes both individual developers and companies as this is a > symbiotic relationship (companies use Linux, fund its development, > create new hardware for Linux to run on, etc.) Without one part of the > group, Linux would not succeed at all, and they know that quite well. > > If the LF didn't "individuals and the community", I know I wouldn't be > working for them. > > So I don't know why anyone would be "upset" at the LF here, all they > have done is actually fund people to do kernel security work, including > members of the grsecurity team! How is doing that somehow "bad"? Do > you want to go back to 2+ years ago when they were not doing this > funding at all? > > And does no one remember how things were before there was a LF? Do you > really want to go back to those days? Were they somehow better than > things are now? As someone who remembers those times quite well, I can > assure you that they were not. > In my very "narrow" POV( only as FLOSS supporter and security consutlant), KSPP would be so much better without LF's involvement and PR -- GNU powered it... GPL protect it... God blessing it... regards Shawn
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.