Re: Support Grsecurity/PaX

Jason A. Donenfeld

On Wed, Aug 19, 2015 at 5:11 PM, Dan Kohn <dankohn@...> wrote:
Jason, I do see your points, and the Grsecurity team is welcome to
apply for funding whether they want to upstream their work as patches
or keep it out-of-mainline. I am pointing out that sustainability is a
major factor that the CII steering group evaluates, and that
mainlining the work appears to be a much more sustainable path.
Hopefully the Grsecurity/PaX developers are actually reading this
thread and do consider applying!

One last point, and then I'll fade away a little bit. There is a set
of projects that are core infrastructure and are worth funding. There
is a set of projects that should be mainlined. I think it's entirely
reasonable that while these sets might overlap at times, they won't
overlap all the time, and that's okay. Of course there are worthwhile
kernel projects that are not a part of mainline. And in this case, one
of those projects happens to be core infrastructure, and certainly
worthy of a CII grant.

I play jazz guitar; here's an analogy. Sometimes artists make pop
music, and this sells many albums, and everyone is happy. Othertimes
artists make jazz music, but nobody cares about jazz, so artists often
can't sustain themselves. There are a few artists who do very well
though -- say, Pat Metheny or Herbie Hancock. If your musical
direction fits with theirs, you might get lucky and they'll bring you
on tour (into the mainline!), and then you'll be set for life. But if
not, you'll have to struggle. Fortunately there are a huge amount of
foundations, institutions, conservatories, patrons, and so forth who
help fund talented upcoming jazz artists. Often times these artists
live grant-to-grant (shows don't pay well; cds are pirated). With the
help of these patrons, some jazz artists have a chance, and eventually
become the next big deal. Sometimes they don't become big, but having
their artistic voice in the scene remains an inspiration for many
other artists, and so these patrons have supported a good cause here
too. Now this analogy breaks down, as there are many other odd ways
for jazz musicians to make a living. But hopefully the goofy
comparison will demonstrate that there are indeed very legitimate
grounds for funding non-mainlined kernel code.

Okay, thanks for listening; I'll let others take over the discussion from here.

Join to automatically receive all group messages.