Re: Support Grsecurity/PaX

Meredith Whittaker
 

Seems like there are a number of thoughts, and a general consensus that grsecurity is useful and used and deserves support. Cool! OK. 

What's missing is a proposal, tying funding to specific outcomes. I think this is a next step that would help narrow this conversation, and allow CII to vote on funding during its next Steering meeting (Sept. 17th). 

Cheers,
Meredith 

On Fri, Aug 21, 2015 at 5:29 PM, Tom Ritter <tom@...> wrote:
I'm pretty far from the kernel development community. I know the
generalities we've seen in this threat about different communities
attitudes about mainlining, and I understand that pretty much everyone
is either frustrated with the situation or given up on it.

I just wanted to weigh in add support to the notion that PaX/grsec is
a critical piece of security software, is very highly regarded, and
it's always the first thing we recommend to people when they ask "How
an we harden our systems?"  Then they almost never do it. It _has_
been very frustrating over the years that it has not been mainlined,
but I would rather it exist out-of-tree and be made as available as
easily and broadly as possible than not exist at all.

Maybe the answer is going to the distros and making it easy to switch
to a patched kernel to drive adoption, or maybe that's a horrible
idea. I think it would be wonderful if something could be done - but I
don't know what the exact plan could be.

-tom
_______________________________________________
cii-census mailing list
cii-census@...
https://lists.coreinfrastructure.org/mailman/listinfo/cii-census



--
Meredith Whittaker
Open Source Research Lead
Google NYC




Join cii-census@lists.coreinfrastructure.org to automatically receive all group messages.