This thread is for discussion of replacement's of grsecurity the now non-gratis hardening patch for the Linux kernel.
There's none we're doomed
>>60490917
apparmor/selinux, grsecurity has always been placebo afaik
>>60491101
Are you serious?
FSF is suing grsec for GPL violation in July
>>60490917
>what is RSBAC
But seriously, the Kernel Self Protection Project needs help, all devs go give them a hand.
>>60492296
>>60492296
This is why GPLv3 was invented. If you want the source to be open you shouldn't use any other version.
>>60492296
kek literally what GPL violation? They provide the source to buyers.
>>60492296
Also they're not even distributing FSF-copyrighted code. It's exclusively patches to Linux, the kernel.
>>60494097
GPLv2 and GPLv3 both allow this, as do all free software licenses, I think. You're allowed to distribute modified versions, either gratis or for a fee, and you're not obliged to give anybody a copy if you don't want to.
>>60490917
Someone should become a customer, get the patches, strip out all grsecurity trademarks, publish it, and then not be allowed to get any more patches due to the ToS violation. Then later someone else should do the same thing.
So:
>Can you make money by selling free software?
Sure, if you keep making it and only sell subsequent versions to people who didn't exercise their freedom to redistribute the earlier versions.
>>60492296
It isn't FSF.
>>60495393 >>60495427
If you specifically and explicitly refuse to sell subsequent versions to people who exercise their redistribution rights, you are (by estoppel) violating GPLv2 §6:
>You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
Since the stupid idiots put this policy in writing, some large corporate Linux kernel copyright holders are investigating their options.
While the net effect would be the same - we'd have to replace grsecurity because PaX Team won't share and would take their toys and go home because they insist on getting paid for their work despite the fact that I'm pretty sure they've never fucking paid Linus or any of the other kernel devs - the FSF do like the idea of explicitly asserting that this is not OK, so some kind of C&D and a potential lawsuit if the C&D is not complied with is probably on the cards.
>>60495427
>>60496731
Beyond the grsecurity fuckup, there is a lesson here. No more letting a team of idiots run the show because the development can be closed down and then the same idiots can hold hostage everyone else.
Another good reason for not trusting systemd.
>>60490917
use qubes os
>>60490917
nothing comes close to what grsecurity provided and the kspp is stagnant soooo?...
>>60491101
grsecurity mitigated against zero day kernel exploits, apparmor/selinux can't do that
>>60490917
how is arch-hardened?
>>60491101
nsa?
>>60496731
>they insist on getting paid for their work
the bastards
>If you specifically and explicitly refuse to sell subsequent versions to people who exercise their redistribution rights, you are (by estoppel) violating GPLv2 §6:
what about section 2 subsec. b?
>>60490917
Just install OpenBSD.
https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec
should be fine for servers and older hardware otherwise i would go for https://github.com/thestinger/linux-hardened
>>60498814
>kspp is stagnant
nope