Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20170504160356.GA16988@kroah.com>
Date: Thu, 4 May 2017 09:03:56 -0700
From: Greg KH <gregkh@...uxfoundation.org>
To: Shawn <citypw@...il.com>
Cc: Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>,
	Mathias Krause <minipli@...glemail.com>,
	Daniel Cegiełka <daniel.cegielka@...il.com>,
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: It looks like there will be no more public
 versions of PaX and Grsec.

On Thu, May 04, 2017 at 10:11:04PM +0800, Shawn wrote:
> That announcement only represented the POV from a group of ppl. From
> my( and other ppl from HardenedLinux) perspective, Linux foundation is
> a commercial company and very good at PR but zero integrity to us.

A slight correction here please.  The LF is a non-profit organization[1]
set up to promote Linux and allow companies who want to see Linux
succeed, get together and do this.  The LF happens to sponsor a few
kernel developers (me and Linus), but they can not tell us what to do at
all.

They also are a place that companies have come together to help with the
state of security in the Linux and Open Source ecosystem, starting CII
which offers grants to anyone who wants to get paid to do security work
(new features, support, audits, etc.)  CII doesn't make any money, it
gives money away!  Of course it does press releases saying what projects
it funds in order to get other projects and people to submit project
proposals to continue this work.  I know of at least 2 new kernel
security projects that recently got funding because of this.

So there is no "integrity" that the LF can, or can not, have when it
comes to anyone here as the LF doesn't actually _do_ anything when it
comes to kernel development (again, other than funding 2 developers
directly).

> They don't respect individuals and the community.

That's a load of crap, really.  The LF has always had a kernel community
developer as a full board member, and sponsors conferences, travel
funding, hardware acquisition, intern programs, and lots of other stuff.
I don't know of any kernel community request that the LF has _not_
funded, do you?

The LF is all about making the whole community work well together, and
that includes both individual developers and companies as this is a
symbiotic relationship (companies use Linux, fund its development,
create new hardware for Linux to run on, etc.)  Without one part of the
group, Linux would not succeed at all, and they know that quite well.

If the LF didn't "individuals and the community", I know I wouldn't be
working for them.

So I don't know why anyone would be "upset" at the LF here, all they
have done is actually fund people to do kernel security work, including
members of the grsecurity team!  How is doing that somehow "bad"?  Do
you want to go back to 2+ years ago when they were not doing this
funding at all?

And does no one remember how things were before there was a LF?  Do you
really want to go back to those days?  Were they somehow better than
things are now?  As someone who remembers those times quite well, I can
assure you that they were not.

Sorry for the digression,

greg k-h

[1] Yes, it's structured as a trade organization, it has to be that way
    from a legal point of view in order for companies to be able to
    help Linux and work together.  Without it, companies would be
    violating anti-trust laws and would not be able to help the
    community out at all.  Think of the LF as the "Milk Advisory Board"
    for Linux.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.