Date: Tue, 18 Dec 2018 15:11:30 +0100 From: Solar Designer <solar@...nwall.com> To: kernel-hardening@...ts.openwall.com Cc: James Hilliard <james.hilliard1@...il.com> Subject: Re: grsecurity updated source code On Mon, Dec 17, 2018 at 07:13:53PM -0700, James Hilliard wrote: > I've obtained and uploaded a recent grsecurity kernel here: > https://github.com/jameshilliard/linux-grsec/ > > From my understanding this is the stable patch. > > Source code was obtained from a vendor via GPL request. As a moderator, I reluctantly accepted James' message. Here are the aspects I considered: - Availability of Linux kernel hardening changes is on-topic here. - The kernel-hardening mailing list isn't limited to KSPP, so even if KSPP's current stance is possibly not to use code from "closed" grsecurity this doesn't make the message inappropriate for the list. I also thought of many other aspects, but found them personal, subjective, and/or outright irrelevant to my decision-making as a moderator, so I didn't let them affect the moderation decision: - Having this posted might result in some vendor's access to further grsecurity patches getting revoked. Maybe that will negatively affect that vendors' product security, and thus security of their users. - Having this posted might boost "accusations" against KSPP of "stealing" "closed" grsecurity work, regardless of whether there will be any use of this work by KSPP or not. (I've seen such things stated as if they were accusations on some discussion forums, but not substantiated. Now they might start referring to this thread.) - The reasons not to reuse "closed" grsecurity work under KSPP are that it's not independent innovation (does independent innovation have value on its own or/and would it be NIH syndrome?), that there's still more than enough to go through in older grsecurity, and that reusing the "closed" grsecurity work would go against their preference. As far as I'm aware, there's nothing really stopping KSPP from doing that, and doing it might be for the benefit of Linux users. - I dislike the drama. I wish James' message were never sent in here, as having it posted might contribute to further drama. - Having this posted might upset Brad. That makes me unhappy. - I guess having this posted won't negatively affect grsecurity's business. In fact, this is more like availability of a temporary free trial, which might boost sales a bit later. - I actually have mixed feelings about their business. On one hand, it's cutting-edge Linux kernel hardening work that still benefits some users, and it's great that people are paid for the work. On the other, grsecurity has demonstrated that they may use money against free speech. - At this point, I would be only slightly surprised if approving this kind of messages results in Brad threatening me. I still have enough respect for him that I hope he won't. I also thought of possibly not commenting on my moderation decision, or not listing the "personal, subjective, and/or outright irrelevant" thoughts above as they might contribute to the drama. But in the end I have included them, (naively?) hoping they'd help avoid further drama and need to explain that/why these things didn't affect the decision. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.