Re: Support Grsecurity/PaX

Dan Kohn

On Wed, Aug 19, 2015 at 4:15 PM, Dan Kohn <dankohn@...> wrote:
CII follows the philosophy of Linux development that long-term,
out-of-mainline patches are problematic because of the maintenance
issues and lack of peer-review.

On Wed, Aug 19, 2015 at 10:21 AM, Jason A. Donenfeld <Jason@...> wrote:

Please do try to consider Grsecurity/PaX as not "just another out of tree
patchset" but rather a mission critical project that serves a real world
benefit in addition to pushing the bounds with the research that goes into
it. No matter the debate on the various kernel development practices and
philosophies, nobody in the security world disagrees with the fact that
keeping Grsecurity/PaX around as a healthy project is very critical.
Regardless of the mainline discussion, Grsecurity/PaX, as it exists today,
*is* *core* *infrastructure*.

Jason, if CII funded Grsecurity/PaX for a year or two, it would keep
the project going, but then what? It is unlikely that CII could fund
the project indefinitely, so it would remain an unhealthy project. By
contrast, if we funded mainlining the most important parts of
Grsecurity, then the thousands of companies and individuals that
develop Linux would take responsibility for maintaining it (and
improving it) indefinitely. The parts that didn't get accepted could
still be maintained out-of-mainline by whatever companies or
individuals chose to do so.

Dan Kohn <mailto:dankohn@...>
Senior Advisor, Core Infrastructure Initiative
