Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 May 2017 01:12:37 +0800
From: Shawn <citypw@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>, 
	Mathias Krause <minipli@...glemail.com>, Daniel Cegiełka <daniel.cegielka@...il.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: It looks like there will be no more public
 versions of PaX and Grsec.

Hi Greg

On Fri, May 5, 2017 at 12:03 AM, Greg KH <gregkh@...uxfoundation.org> wrote:
> On Thu, May 04, 2017 at 10:11:04PM +0800, Shawn wrote:
>> That announcement only represented the POV from a group of ppl. From
>> my( and other ppl from HardenedLinux) perspective, Linux foundation is
>> a commercial company and very good at PR but zero integrity to us.
>
> A slight correction here please.  The LF is a non-profit organization[1]
> set up to promote Linux and allow companies who want to see Linux
> succeed, get together and do this.  The LF happens to sponsor a few
> kernel developers (me and Linus), but they can not tell us what to do at
> all.
>
Oh, that's new to me. LF is a non-profit organization. Maybe some
"rumors" isn't true: I thought LF hired two "sales" people in HK last
year? Can you confirm that?

Otherwise, which NGO's runner has $344,220 salary per year?
http://news.idg.no/cw/art.cfm?id=5A9F8343-BAA1-6432-72A26555784BF05E

LF is growing so fast, look at that. Compensation is seems very
promising even in 2013:
https://projects.propublica.org/nonprofits/organizations/460503801

$499,705 is the total compensation in 2014? Wow..why this magic
number? Because $500,000 would be excessive?
http://pdfs.citizenaudit.org/2016_02_EO/46-0503801_990O_201412.pdf

> They also are a place that companies have come together to help with the
> state of security in the Linux and Open Source ecosystem, starting CII
> which offers grants to anyone who wants to get paid to do security work
> (new features, support, audits, etc.)  CII doesn't make any money, it
> gives money away!  Of course it does press releases saying what projects
> it funds in order to get other projects and people to submit project
> proposals to continue this work.  I know of at least 2 new kernel
> security projects that recently got funding because of this.
>
> So there is no "integrity" that the LF can, or can not, have when it
> comes to anyone here as the LF doesn't actually _do_ anything when it
> comes to kernel development (again, other than funding 2 developers
> directly).
>
I'm curious what's your offical relationship with Google? Cu'z you
have this account( gregkh@...gle.com) from Google:
https://android.googlesource.com/kernel/common.git/+/e88bb963b88d5579805b90e8d505739692095042

But you seems still working for LF, aren't you?:
https://www.linuxfoundation.org/about/linux-foundation-fellows

>> They don't respect individuals and the community.
>
> That's a load of crap, really.  The LF has always had a kernel community
> developer as a full board member, and sponsors conferences, travel
> funding, hardware acquisition, intern programs, and lots of other stuff.
> I don't know of any kernel community request that the LF has _not_
> funded, do you?
>
Really? That's also new to me. Let me give you some hints:

The Linux Foundation: Not a Friend of Desktop Linux, the GPL, or Openness:
http://fossforce.com/2017/04/lin-desktop-linux-gpl-openness/

OpenSSL after Heartbleed:
https://lwn.net/Articles/703000/

Linux Foundation quietly drops community representation:
https://mjg59.dreamwidth.org/39546.html

> The LF is all about making the whole community work well together, and
> that includes both individual developers and companies as this is a
> symbiotic relationship (companies use Linux, fund its development,
> create new hardware for Linux to run on, etc.)  Without one part of the
> group, Linux would not succeed at all, and they know that quite well.
>
> If the LF didn't "individuals and the community", I know I wouldn't be
> working for them.
>
> So I don't know why anyone would be "upset" at the LF here, all they
> have done is actually fund people to do kernel security work, including
> members of the grsecurity team!  How is doing that somehow "bad"?  Do
> you want to go back to 2+ years ago when they were not doing this
> funding at all?
>
> And does no one remember how things were before there was a LF?  Do you
> really want to go back to those days?  Were they somehow better than
> things are now?  As someone who remembers those times quite well, I can
> assure you that they were not.
>
In my very "narrow" POV( only as FLOSS supporter and security
consutlant), KSPP would be so much better without LF's involvement and
PR


-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ