Re: Support Grsecurity/PaX

Home Messages Hashtags Subgroups

Dan Kohn #12 On Wed, Aug 19, 2015 at 10:03 AM, Jason A. Donenfeld <Jason@...> wrote: It's important to note, though, that it shouldn't be considered relevant whether or not their work is mainlined. This is an important core project that's extremely widely used by everybody who cares about security. Ensuring the work goes on is of critical importance. Not only that, but work done in Grsecurity/PaX _does_ make its way back to mainline bit by bit in the form of individual patches that are a rework of features pioneered by Grsecurity/PaX. In other words, mainlined or not, keeping Grsecurity/PaX around with healthy funding is of the utmost importance for the Linux ecosystem at large. We need them. (And I believe they very likely need you, CII.) CII follows the philosophy of Linux development that long-term, out-of-mainline patches are problematic because of the maintenance issues and lack of peer-review. Of course, the Grsecurity/PaX team is welcome to continue as they have been, and the GPL allows them to charge for consulting services. But the most likely scenario for a CII grant would be to facilitate inclusion into mainline. -- Dan Kohn <mailto:dankohn@...> Senior Advisor, Core Infrastructure Initiative tel:+1-415-233-1000
More All Messages By This Member

Join cii-census@lists.coreinfrastructure.org to automatically receive all group messages.