On Wed, Aug 19, 2015 at 10:59 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

That's a nearly reasonable objection, but I think it's a bit narrow of
a vision on how many open projects work. More generally, it's "how can
a small but essential open source project be supported?" One answer is
by merging with an already funded project, like the Linux kernel
itself, that already has plenty of commercial investment, with paid
developers.

Jason, I do see your points, and the Grsecurity team is welcome to
apply for funding whether they want to upstream their work as patches
or keep it out-of-mainline. I am pointing out that sustainability is a
major factor that the CII steering group evaluates, and that
mainlining the work appears to be a much more sustainable path.

Separately, I would encourage you (and them) to take a look at a
sister project to the CII census, which is our best practices program.
https://github.com/linuxfoundation/cii-best-practices-badge

One criteria we might add in the future is around mainlining code.
--
Dan Kohn <mailto:dankohn@linux.com>
Senior Advisor, Core Infrastructure Initiative
tel:+1-415-233-1000