Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 5 May 2017 01:12:37 +0800
From: Shawn <citypw@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>, 
	Mathias Krause <minipli@...glemail.com>, Daniel Cegiełka <daniel.cegielka@...il.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: It looks like there will be no more public
 versions of PaX and Grsec.

Hi Greg

On Fri, May 5, 2017 at 12:03 AM, Greg KH <gregkh@...uxfoundation.org> wrote:
> On Thu, May 04, 2017 at 10:11:04PM +0800, Shawn wrote:
>> That announcement only represented the POV from a group of ppl. From
>> my( and other ppl from HardenedLinux) perspective, Linux foundation is
>> a commercial company and very good at PR but zero integrity to us.
>
> A slight correction here please.  The LF is a non-profit organization[1]
> set up to promote Linux and allow companies who want to see Linux
> succeed, get together and do this.  The LF happens to sponsor a few
> kernel developers (me and Linus), but they can not tell us what to do at
> all.
>
Oh, that's new to me. LF is a non-profit organization. Maybe some
"rumors" isn't true: I thought LF hired two "sales" people in HK last
year? Can you confirm that?

Otherwise, which NGO's runner has $344,220 salary per year?
http://news.idg.no/cw/art.cfm?id=5A9F8343-BAA1-6432-72A26555784BF05E

LF is growing so fast, look at that. Compensation is seems very
promising even in 2013:
https://projects.propublica.org/nonprofits/organizations/460503801

$499,705 is the total compensation in 2014? Wow..why this magic
number? Because $500,000 would be excessive?
http://pdfs.citizenaudit.org/2016_02_EO/46-0503801_990O_201412.pdf

> They also are a place that companies have come together to help with the
> state of security in the Linux and Open Source ecosystem, starting CII
> which offers grants to anyone who wants to get paid to do security work
> (new features, support, audits, etc.)  CII doesn't make any money, it
> gives money away!  Of course it does press releases saying what projects
> it funds in order to get other projects and people to submit project
> proposals to continue this work.  I know of at least 2 new kernel
> security projects that recently got funding because of this.
>
> So there is no "integrity" that the LF can, or can not, have when it
> comes to anyone here as the LF doesn't actually _do_ anything when it
> comes to kernel development (again, other than funding 2 developers
> directly).
>
I'm curious what's your offical relationship with Google? Cu'z you
have this account( gregkh@...gle.com) from Google:
https://android.googlesource.com/kernel/common.git/+/e88bb963b88d5579805b90e8d505739692095042

But you seems still working for LF, aren't you?:
https://www.linuxfoundation.org/about/linux-foundation-fellows

>> They don't respect individuals and the community.
>
> That's a load of crap, really.  The LF has always had a kernel community
> developer as a full board member, and sponsors conferences, travel
> funding, hardware acquisition, intern programs, and lots of other stuff.
> I don't know of any kernel community request that the LF has _not_
> funded, do you?
>
Really? That's also new to me. Let me give you some hints:

The Linux Foundation: Not a Friend of Desktop Linux, the GPL, or Openness:
http://fossforce.com/2017/04/lin-desktop-linux-gpl-openness/

OpenSSL after Heartbleed:
https://lwn.net/Articles/703000/

Linux Foundation quietly drops community representation:
https://mjg59.dreamwidth.org/39546.html

> The LF is all about making the whole community work well together, and
> that includes both individual developers and companies as this is a
> symbiotic relationship (companies use Linux, fund its development,
> create new hardware for Linux to run on, etc.)  Without one part of the
> group, Linux would not succeed at all, and they know that quite well.
>
> If the LF didn't "individuals and the community", I know I wouldn't be
> working for them.
>
> So I don't know why anyone would be "upset" at the LF here, all they
> have done is actually fund people to do kernel security work, including
> members of the grsecurity team!  How is doing that somehow "bad"?  Do
> you want to go back to 2+ years ago when they were not doing this
> funding at all?
>
> And does no one remember how things were before there was a LF?  Do you
> really want to go back to those days?  Were they somehow better than
> things are now?  As someone who remembers those times quite well, I can
> assure you that they were not.
>
In my very "narrow" POV( only as FLOSS supporter and security
consutlant), KSPP would be so much better without LF's involvement and
PR


-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.