Re: [cii-census] Support Grsecurity/PaX
Kevin P. Fleming (BLOOMBERG/ 731 LEX)
(sorry for top-posting, our message system doesn't believe anything else is possible)
The funding for the fuzzing project is intentionally short-to-medium-term, with two goals: helping to learn the 'state of the world' (which will feed into the census, and future support/funding decisions), and producing better and easier-to-apply fuzzing tools so that project teams can run them on their own software to identify flaws as early as possible. It's definitely not a long-term 'fuzz test the world' project.
The funding for Frama-C is for further development of the tool (and related tools), not funding to do static analysis of large bodies of open source software.
As a result, neither of these is a suitable comparison to the request for funding of grsecurity/PaX. Such a request would be more comparable to funding OpenSSL, ntpd, etc. Those are also not open-ended funding commitments, but are based on achieving improvements (in some cases, milestones) to continue funding. It's certainly possible that the SC would consider a funding proposal for grsecurity/PaX, but such a proposal would need to include reasonably well-defined goals/milestones, and there's no question that the committee discussion would include the topic of the in-tree/out-of-tree status of these tools.
On 19 Aug 2015 at 13:37, Dan Kohn wrote: