grsecurity closing its doors

Toggle sidebar Toggle sidebar
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Front page

Beginning today, May 31, 2004, development of grsecurity will cease. On June 7, the website, forums, mailing list, and CVS will be shut down. Due to a sponsor unexpectedly dropping sponsorship of grsecurity while continually promising payment, I began the summer in debt and had to borrow money from family to pay for food. If none of the companies that depend on grsecurity, some of them being very large, are able to sponsor the project, grsecurity will cease to exist. Though grsecurity is licensed under the GPL, I am the sole developer and originator of ideas for the project. Though it would be possible for others to handle maintenance of the project, the quality won't be held to the same standards and will not progress with the same goals I have set for the project. I am not looking for help with hosting, as the hosting for grsecurity has been provided for free for over a year and a half and will continue to be provided unless the project has to end. I am also not looking for paypal donations at this point, unless those that donate do so with the recognition that despite their donation, grsecurity may still never be returning. If your company wishes to sponsor grsecurity, please contact me at spender@grsecurity.net. To continue to the website (until June 7th), click here.
Click to expand...

Not sure if the PaX project will continue, but I definitely hope so. boo to the company that stiffed him.
 
D

drag

Elite Member
Jul 4, 2002
8,708
0
0
Ya, that sucks.

It's tough when you think you have nice help and you end up getting stiffed, that's worse then getting no help at all.

If that company finishes him off by screwing him over I figure it would be a good idea for full disclosure of that company so we can know exactly what happened. :(


Unfortunately it seems that the dual-mode software liscencing model is the best one when it comes to funding projects. Did gsecurity do something like that?

Like QT and a few other companies and software projects were you have people transfer copyrights when writing contributing software seem like the best course of action... (so that the project can offer closed source liscences agreements to companies for a price (for people who don't want to mess around with GPL and such) without stepping on other developer's toes.)

I don't particularly like that a whole lot, personally though.
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
I think contracts are the way to go personally.

I wonder what hardened gentoo is going to do now...
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Nothinman
I wonder what hardened gentoo is going to do now...
Click to expand...

They probably havn't even noticed yet, they're all too busy recompiling things...
Click to expand...

HAHA!

Does trusted Debian have any of the good security patches out there?
 
Nothinman

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Does trusted Debian have any of the good security patches out there?
Click to expand...

I've personally never used it.

http://www.trusteddebian.org/faq.html

4. Why don't you use gr-security?

You can compare gr-security TPE (Trusted Path Execution) and ACLs (Access Control List) to RSBAC as you can compare a bicycle to a car. In other words, RSBAC offers much more power and functionality than gr-security. The parts of gr-security which do not deal with TPE and ACLs (and I am talking about the non-executable data stuff and the IP randomization stuff) are also available as seperate patches. The non-executable data stuff which is available in gr-security is also available in the Adamantix kernel. And the IP-randomization stuff is on the to-do list. So in other words, gr-security does not offer anything which is not already available in the Adamantix kernel or is planned to be available in the future.
Click to expand...
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Nothinman
Does trusted Debian have any of the good security patches out there?
Click to expand...

I've personally never used it.

http://www.trusteddebian.org/faq.html

4. Why don't you use gr-security?

You can compare gr-security TPE (Trusted Path Execution) and ACLs (Access Control List) to RSBAC as you can compare a bicycle to a car. In other words, RSBAC offers much more power and functionality than gr-security. The parts of gr-security which do not deal with TPE and ACLs (and I am talking about the non-executable data stuff and the IP randomization stuff) are also available as seperate patches. The non-executable data stuff which is available in gr-security is also available in the Adamantix kernel. And the IP-randomization stuff is on the to-do list. So in other words, gr-security does not offer anything which is not already available in the Adamantix kernel or is planned to be available in the future.
Click to expand...
Click to expand...

So they don't use grsec because the trusted Debian feature list is incomplete?

Any security related Linux project that isn't using atleast PaX is kidding themselves.

EDIT: And they are using PaX it seems. Nice.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom