Re: [gentoo-hardened] RIP hardened-sources

2017.Április 30.(V) 16:34 időpontban Andrew Savchenko ezt írta: >> On Sun, Apr 30, 2017 at 04:00:39PM +0300, Andrew Savchenko wrote: >> > The only way to preserve this functionality in the long run is to >> > port it to the mainline kernel. This will not be easy, most likely >> > not everything

Re: [gentoo-hardened] RIP hardened-sources

On Sun, 30 Apr 2017 16:16:46 +0300 Alex Efros wrote: > Hi! > > On Sun, Apr 30, 2017 at 04:00:39PM +0300, Andrew Savchenko wrote: > > The only way to preserve this functionality in the long run is to > > port it to the mainline kernel. This will not be easy, most likely > > not everything will be

Re: [gentoo-hardened] RIP hardened-sources

Hi, On Sun, 30 Apr 2017 15:56:02 +0300 Alex Efros wrote: > Hi! > > On Sun, Apr 30, 2017 at 01:55:16PM +0200, SK wrote: > > And it's not about money from what I've read, should read this if you > > want some more information : > > If it's all just about credits, ego and personal conflict with LF

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sun, Apr 30, 2017 at 04:00:39PM +0300, Andrew Savchenko wrote: > The only way to preserve this functionality in the long run is to > port it to the mainline kernel. This will not be easy, most likely > not everything will be accepted, some stuff will have to be > reimplemented using

Re: [gentoo-hardened] RIP hardened-sources

2017-04-30 13:50 GMT+02:00 SK : > You can't really change license because it is a kernel patch so it has > to be GPLv2 from what i understand. Really? Can you remind me when Grsecurity or PaX Team distributed the Linux kernel? If they did, all code is under GPL-2. But that

Re: [gentoo-hardened] RIP hardened-sources

Hi, On Sat, 29 Apr 2017 15:47:44 +0300 Alex Efros wrote: > Hi! > > On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote: > > I suppose we all just grudgingly switch over to gentoo-sources? > > I wonder for how long time current kernel with grsec will be more safe and > protected against

Re: [gentoo-hardened] RIP hardened-sources

On Sat, 29 Apr 2017 22:34:14 +0200 Tóth Attila wrote: > 2017.Április 29.(Szo) 20:43 időpontban Daniel Cegiełka ezt írta: > >> That's the part I don't get either. Since the only possible motivation > >> I can think of for this move is to generate more income, they could've > >> at least tried

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sun, Apr 30, 2017 at 01:55:16PM +0200, SK wrote: > And it's not about money from what I've read, should read this if you > want some more information : If it's all just about credits, ego and personal conflict with LF - when they the hell it affects everybody else? AFAIK Gentoo Hardened

Re: [gentoo-hardened] RIP hardened-sources

On Sun, 30 Apr 2017 13:55:16 +0200 SK wrote: > And it's not about money from what I've read, should read this if you > want some more information : > https://hardenedlinux.github.io/announcement/2017/04/29/hardenedlinux-statement2.html Sounds like a very lame excuse... > Closing the public

Re: [gentoo-hardened] RIP hardened-sources

And it's not about money from what I've read, should read this if you want some more information : https://hardenedlinux.github.io/announcement/2017/04/29/hardenedlinux-statement2.html On 04/30/2017 01:50 PM, SK wrote: > You can't really change license because it is a kernel patch so it has > to

Re: [gentoo-hardened] RIP hardened-sources

You can't really change license because it is a kernel patch so it has to be GPLv2 from what i understand. On 04/30/2017 01:08 PM, Alex Efros wrote: > Hi! > > On Sat, Apr 29, 2017 at 07:46:10PM +0300, Alex Efros wrote: >> Thanks! But isn't this mean you forbid all Linux distributions (including

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sat, Apr 29, 2017 at 07:46:10PM +0300, Alex Efros wrote: > Thanks! But isn't this mean you forbid all Linux distributions (including > commercial ones like RedHat) to be GrSec/PaX subscribers (in case they > like to spend some money for it)? I.e. this decision will ensure majority > of

Re: [gentoo-hardened] RIP hardened-sources

On 29/04/17 18:58, Luis Ressel wrote: > On Sat, 29 Apr 2017 18:52:56 +0200 > Javier Juan Martinez Cabezon wrote: > >> It's not one PaX alternative as its only one of its features but rsbac >> recently implemented native W or X and seems to work fine > > If you're only

Re: [gentoo-hardened] RIP hardened-sources

Thanks to everyone involved in the Gentoo Hardened project, especially Spender and Pax Guy, for the effort and guidance throughout the years. The anecdotes shared in this thread echo my own experiences to a degree, and I've learned a lot about computer security by trying to get the grsec RBAC

Re: [gentoo-hardened] RIP hardened-sources

2017.Április 29.(Szo) 20:43 időpontban Daniel Cegiełka ezt írta: >> That's the part I don't get either. Since the only possible motivation >> I can think of for this move is to generate more income, they could've >> at least tried asking the community for donations first. > > It's more complex: >

Re: [gentoo-hardened] RIP hardened-sources

2017-04-29 19:04 GMT+02:00 Luis Ressel : > On Sat, 29 Apr 2017 17:56:10 +0200 > Daniel Cegiełka wrote: > >> By the way, I don't know what the Gentoo Hardened or Alpine Linux >> have done wrong, that now are left out in the cold. > > That's the part I

Re: [gentoo-hardened] RIP hardened-sources

On Sat, 29 Apr 2017 17:56:10 +0200 Daniel Cegiełka wrote: > By the way, I don't know what the Gentoo Hardened or Alpine Linux > have done wrong, that now are left out in the cold. That's the part I don't get either. Since the only possible motivation I can think of

Re: [gentoo-hardened] RIP hardened-sources

On Sat, 29 Apr 2017 18:52:56 +0200 Javier Juan Martinez Cabezon wrote: > It's not one PaX alternative as its only one of its features but rsbac > recently implemented native W or X and seems to work fine If you're only looking for userland W^X, SELinux has some support for

Re: [gentoo-hardened] RIP hardened-sources

It's not one PaX alternative as its only one of its features but rsbac recently implemented native W or X and seems to work fine On 29/04/17 17:56, Daniel Cegiełka wrote: > 2017-04-29 14:47 GMT+02:00 Alex Efros : > It's not about grsecurity, it's about PaX. This was the

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sat, Apr 29, 2017 at 03:46:54PM +0200, PaX Team wrote: > > But at soon as their customers (say, some government org or large > > company) will APPLY that patch to Linux kernel and try to DISTRIBUTE that > > kernel on their computers > > there's no need to speculate on this, the FSF has

Re: [gentoo-hardened] RIP hardened-sources

2017-04-29 14:47 GMT+02:00 Alex Efros : > Hi! > > On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote: >> I suppose we all just grudgingly switch over to gentoo-sources? > > I wonder for how long time current kernel with grsec will be more safe and > protected

Re: [gentoo-hardened] RIP hardened-sources

On 29/04/2017 15:11, Alex Efros wrote: > Sure, they can sell their patch to Linux kernel without opensourcing that > patch. But at soon as their customers (say, some government org or large > company) will APPLY that patch to Linux kernel and try to DISTRIBUTE that > kernel on their computers -

Re: [gentoo-hardened] RIP hardened-sources

On 29 Apr 2017 at 16:11, Alex Efros wrote: > Hi! > > On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote: > > in case anyone hasn't read in on LWN yet, here's what I'm talking > > about: https://grsecurity.net/passing_the_baton.php > > Sorry for OT, but is this legal? Or, more correct,

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote: > in case anyone hasn't read in on LWN yet, here's what I'm talking > about: https://grsecurity.net/passing_the_baton.php Sorry for OT, but is this legal? Or, more correct, is this will works? Sure, they can sell their patch to

Re: [gentoo-hardened] RIP hardened-sources

Hi! On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote: > I suppose we all just grudgingly switch over to gentoo-sources? I wonder for how long time current kernel with grsec will be more safe and protected against new exploits than up-to-date gentoo-sources… Something new in security: