Open Source and information security mailing list archives
 
Date:   Thu, 24 Jan 2019 16:40:37 +0000
From:   linuxgpletc@...chan.it
To:     "Enrico Weigelt, metux IT consult" <lkml@...ux.net>
Cc:     Ivan Ivanov <qmastery16@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        gentoo-user@...ts.gentoo.org, freebsd-chat@...ebsd.org,
        misc@...nbsd.org, rms@....org
Subject: Fwd: Re: GRSec is vital to Linux security


-------- Original Message --------
Subject: Re: GRSec is vital to Linux security
Date: 2019-01-24 16:25
 From: Boris Lukashev <blukashev@...pervictus.com>
To: linuxgpletc@...chan.it

You've never heard of VMware, I take it? It's a proprietary half Linux
which beats GPL suits with strong arm tactics and technicalities. Unlike
grsec, they don't distribute any source, because it's proof of theft...
Grsec's backport work is also public, since they're public upstream
patches or mailing list patches, the GCC plugins are the real magic...
Those aren't as GPL as the kernel, rap is patented, respectre likely
will be as well. The critical code changes they need (per CPU PGD, for
one) will not be accepted as Linus has "said so." Those code bits are
out there...

Also, doesn't matter if their patch leaks for the most part (4.4 just
did get leaked a few weeks back), as I wrote before, nobody really has
the time or skill available to maintain at their level of quality...
Linux might be free, but it's not something that should be run in
production when there's data or resource at stake.

Is the thought process that they should open up their commercial stable
code for free to all? Because RHEL has the same "don't leak" policy on
RHEL sources too... VMware even goes so far as to blatantly claim not to
use Linux. How about Google's internal Linux?

GPL is dead (has been for 20y), build the strongest defenses you can
with whatever code you can get and prove, because your adversaries won't
care about which license clause their tooling adheres to.

Boris Lukashev
Systems Architect
Semper Victus

-------- Original Message --------
 From: linuxgpletc@...chan.it
Sent: Wednesday, January 23, 2019 05:35 PM
To: bruce@...ens.com
Subject: Re: GRSec is vital to Linux security
CC:
moglen@...umbia.edu,bkuhn@...onservancy.org,compliance@...onservancy.org,blukashev@...pervictus.com,tcallawa@...hat.com,torvalds@...l.org
