| 1 |
On Fri, May 12, 2017, at 16:38, Alex Efros wrote: |
| 2 |
> Hi! |
| 3 |
> |
| 4 |
> On Fri, May 12, 2017 at 09:10:43PM +0200, "Tóth Attila" wrote: |
| 5 |
> > Please take a look at on the reply of PaxTeam postend on the openwall |
| 6 |
> > mailing list: |
| 7 |
> > http://openwall.com/lists/kernel-hardening/2017/05/11/2 |
| 8 |
> |
| 9 |
> What's for? It's pointless. Only very few people are really interested |
| 10 |
> (i.e. not just curious) in knowing who is paid by which company for doing |
| 11 |
> what, who makes more real bugs, and who lies about something. |
| 12 |
> |
| 13 |
> The important questions about how to keep current level of protection for |
| 14 |
> individual/small business users and how users of some distributions like |
| 15 |
> Gentoo/Ubuntu/Android can be protected with GrSec/PaX are still |
| 16 |
> unanswered. |
| 17 |
> |
| 18 |
> While large companies may buy subscription for GrSec/PaX the mentioned |
| 19 |
> above categories of users can't (correct me if I'm wrong, please) - so |
| 20 |
> effectively the change in GrSec policy makes harm and punish mostly these |
| 21 |
> categories of users. If that's real GrSec/PaX goal - it's very sad but |
| 22 |
> they probably have rights to do this (except their public reasoning |
| 23 |
> doesn't match what they actually do, so probably there are some unsaid |
| 24 |
> reasoning exists too), but if it's not their real goal - then they |
| 25 |
> probably should provide some options for these categories of users too. |
| 26 |
> |
| 27 |
> -- |
| 28 |
> WBR, Alex. |
| 29 |
|
| 30 |
Individuals can certainly request a quote -- I did -- their director of |
| 31 |
sales is very patient, considerate and accommodating. Unfortunately the |
| 32 |
price is quite a bit more than I can personally afford at present. |
| 33 |
|
| 34 |
|
| 35 |
I don't personally doubt PaXteam/Spenders stated reasoning. It appears |
| 36 |
they've encountered a quite aggravating situation with what may amount |
| 37 |
to plagiarists. The post Dr. Toth linked closely mirrored what I |
| 38 |
initially anticipated from observing kspp and the like from afar. I |
| 39 |
think they're in a crap situation and what they've done is one of the |
| 40 |
better of several bad options. |
| 41 |
|
| 42 |
|
| 43 |
So, I am considering the costs of alternative control environments for |
| 44 |
my personal systems, perhaps it will be worth the quoted price after all |
| 45 |
once I've assessed options. |
| 46 |
|
| 47 |
But, point being, if paying is not out of the question I think you |
| 48 |
should request a quote. |
| 49 |
|
| 50 |
|
| 51 |
-- |
| 52 |
0x7D964D3361142ACF |
Archives