| 1 |
And it's not about money from what I've read, should read this if you |
| 2 |
want some more information : |
| 3 |
https://hardenedlinux.github.io/announcement/2017/04/29/hardenedlinux-statement2.html |
| 4 |
|
| 5 |
On 04/30/2017 01:50 PM, SK wrote: |
| 6 |
> You can't really change license because it is a kernel patch so it has |
| 7 |
> to be GPLv2 from what i understand. |
| 8 |
> |
| 9 |
> |
| 10 |
> On 04/30/2017 01:08 PM, Alex Efros wrote: |
| 11 |
>> Hi! |
| 12 |
>> |
| 13 |
>> On Sat, Apr 29, 2017 at 07:46:10PM +0300, Alex Efros wrote: |
| 14 |
>>> Thanks! But isn't this mean you forbid all Linux distributions (including |
| 15 |
>>> commercial ones like RedHat) to be GrSec/PaX subscribers (in case they |
| 16 |
>>> like to spend some money for it)? I.e. this decision will ensure majority |
| 17 |
>>> of Linux systems will never ever have GrSec/PaX |
| 18 |
>> If no one is replies on this yet because that's sad truth, then may I ask |
| 19 |
>> why don't you like to solve this in some way? |
| 20 |
>> |
| 21 |
>> For example, you can continue publishing source of GrSec/PaX versions, but |
| 22 |
>> use license which allows using it for free only for personal use and small |
| 23 |
>> business (say, less than 10-20 computers) on usual desktop/server PC. |
| 24 |
>> This way all server/desktop Linux distributions will be able to include |
| 25 |
>> alternative hardened kernel or have alternative hardened variant of |
| 26 |
>> overall distribution, but end-user will have to decide is they can use it |
| 27 |
>> for free or should subscribe or avoid using it. |
| 28 |
>> For Android phones/tablets and embedded devices you can make separate |
| 29 |
>> clause in license to let you get some money from Google and companies |
| 30 |
>> developing embedded devices if they will like to use GrSec/PaX, without |
| 31 |
>> forbidding such a possibility at all (rumours are current subscription |
| 32 |
>> options require to limit amount of installations, which is surely doesn't |
| 33 |
>> makes sense for Android). |
| 34 |
>> |
| 35 |
>> This way you shouldn't lose any money comparing to current situation, |
| 36 |
>> it also solve mentioned before issues when bad companies sell unsupported |
| 37 |
>> and modified GrSec variant and use "grsecurity" for marketing own |
| 38 |
>> products. Plus you'll continue wide-test your patch with Gentoo Hardened |
| 39 |
>> and some other distribution users and have your patch available for any |
| 40 |
>> external audit which is always good for security product's karma. |
| 41 |
>> |
| 42 |
>> If there are no good reasons to reject proposed solution and no |
| 43 |
>> alternatives to let people continue using GrSec/PaX for personal/small |
| 44 |
>> business use, then, yeah, conspiracy theories and three-letter-agencies |
| 45 |
>> start coming to mind - just because they wins more than anybody else |
| 46 |
>> including yourself if all Linux distributions won't have GrSec/PaX anymore. |
| 47 |
>> |
| 48 |
> |
Archives