
Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.


From: Shawn
Subject: Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.
Date: Wed, 29 Jun 2016 12:10:34 +0800

On Wed, Jun 29, 2016 at 4:15 AM, Adam Van Ymeren <adam.vany@gmail.com> wrote:
>> Well, about this part I can't speak for Spender and the PaX team. IMOHO,
>> Spender doesn't care if you share the patch with those real FLOSS
>> hackers who know the importance of contributing back to the community.
>
> This doesn't appear to be the case.  There are two reports I've seen
> of people being threatened if they exercise freedom 2 granted to them
> by the GPL.
>
> https://www.reddit.com/r/linux/comments/4gxdlh/after_15_years_of_research_grsecuritys_rap_is_here/d2lwrdo
>
> https://www.reddit.com/r/KotakuInAction/comments/4grdtb/censorship_linux_developer_steals_page_from_randi/d2l0ny8
>
Can you make a list here of what kinds of human rights organizations will
need PaX/Grsecurity's stable patch as a must? I'm quite curious whether
their production systems are more critical than SecureDrop:

https://securedrop.org/

If SecureDrop can live with the test patch:

https://github.com/freedomofpress/ansible-role-grsecurity
https://freedom.press/securedrop-files/iSEC_OTF_FPF_SecureDrop_Deliverable_v1.2.pdf

I'd say the test patch can handle most scenarios. Otherwise, I've
been using the test patch for almost one year and its quality can fit
my own and my customer's needs. I have no idea why they called the test
patch "the "dumber" version for unstable patches";-)

>>
>>> "The freedom to redistribute copies so you can help your neighbor
>>> (freedom 2)."
>>>
>> IMOHO, Spender & the PaX team never try to stop me from helping my
>> "neighbors" from the hardenedlinux community;-)
>>
>>> I'm not a lawyer or expert on the GPL.  The GPL may not protect
>>> against situations like this, but it clearly goes against the spirit
>>> of Free Software.
>>>
>> The FLOSS community has been benefiting from PaX/Grsecurity for more than
>> a decade. Most features of PaX/Grsecurity are/were ahead of industry and
>> kernel upstream over the years, e.g.: the 1st non-executable bit was
>> implemented in PaX's SEGEXEC back in 2000 and then Intel made it a
>> hardware bit (NX) in 2004; PaX released UDEREF around 2007, Intel's
>> SMEP/SMAP came 4--7 years later. Even other OSes have been learning
>> from PaX/Grsecurity's design and implementation:
>>
>> http://hardenedlinux.org/images/pax_grsec_graph.jpg
>>
>> We've been suffering for years from the Linux kernel's security philosophy
>> "a bug is bug". KSPP emerged after the truth was disclosed to the
>> public:
>>
>> http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
>>
>> KSPP is a good starting point and it has a long way to go.
>> Dude, we are very lucky to have PaX/Grsecurity because they are
>> willing to share their research. Maybe some people don't like
>> Spender's personal character...to be honest, I don't give a shit about
>> it. CU'z I don't have other options. If some big corps leeched your
>> research and made money from it, what would you do? As a security
>> consultant and a free software enthusiast (supporter of
>> FSF/FSFE/EFF/SFC for years), I can fully understand why PaX/Grsecurity
>> guys do this. IMOHO, PaX/Grsecurity is a friend of ours (FLOSS
>> community). BIGBROs/Exploit vendors/leeches are the real enemies.
>
> Just because the PaX/Grsecurity guys produce some quality software
> doesn't override the moral requirements of free software.
>
> PaX/Grsecurity wouldn't even be a thing without the Linux kernel that
> came before them.  It is hypocritical and violates the spirit of Free
> Software to exercise your freedoms but then try to prevent
> others from doing the same.
>
> Free Software is a moral issue, not a technical one.  Technical
> excellence doesn't supersede moral obligations.
>
Agree. The philosophical ideas of Free Software are the pillar of the
FLOSS world. Those philosophical ideas should always be put as the 1st
priority, and the prosperity of the practical side (open source) is
just an outcome of it. But we should take the case of PaX/Grsecurity
very seriously. This FLOSS project is important enough to be
hated by the enemy of ours. Even a GNU/Linux vendor (btw: they
wouldn't call themselves "GNU/Linux"-_-) doesn't like
PaX/Grsecurity;-) Just like RMS once said, "Our future depends on
philosophy". Political rightness won't save us. BIGBROs won't
disappear even if we don't want to admit it.



-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn


