LinuxQuestions.org


BratPit 04-27-2017 10:29 AM

The end of a certain age of grsec
 
https://grsecurity.net/passing_the_baton.php

Pity for non-commercial users like slackers.

orbea 04-27-2017 10:35 AM

It only confirms what I long suspected: the grsec developers care more about personal profit than Linux security.

mralk3 04-27-2017 08:02 PM

What do you guys plan to use instead of grsec?

orbea 04-28-2017 04:08 AM

To be honest, while I found the idea of a hardened kernel appealing and grsec seemed the best option, even then the developer attitudes repelled me. In retrospect I guess that was for the best. Now I am interested in whether either the hardened Gentoo or Alpine Linux communities can continue to move forward.

BratPit 04-28-2017 07:46 AM

Quote:

Originally Posted by mralk3 (Post 5703282)
What do you guys plan to use instead of grsec?

There is no such good, complex security of "ring 0" in Linux.
Nobody thinks about it seriously. There are some "barriers" to prevent getting into ring 0, like AppArmor or SELinux, but they do not prevent exploitation and barrier breaks.

https://grsecurity.net/compare.php

Ring 0 is the basis for thinking about security in Linux, IMHO.
Some elements of grsec ideas are being introduced in recent kernels by Kees Cook, because the protection of the default kernel is not the best.

syg00 04-28-2017 08:13 AM

Seems like you are making a case for the commercialisation of the project ...

These things happen.
Often.

BratPit 04-28-2017 08:22 AM

Quote:

Originally Posted by syg00 (Post 5703522)
Seems like you are making a case for the commercialisation of the project ...

These things happen.
Often.

Yup.
Some things are ending. Linux too. I hope not, but as I see it, commercial already knows how to fight with the community, taking everything and giving little or nothing.

Jjanel 04-29-2017 04:39 AM

fyi: LONG discussion (&more links) here: http://news.ycombinator.com/item?id=14202421

RE: #4: I just 'discovered' AlpineLinux, so I wonder too. Also DevilLinux
http://wikipedia.org/wiki/Grsecurity mentions Alpine.

1337_powerslacker 04-29-2017 08:06 AM

Quote:

Originally Posted by BratPit (Post 5703528)
Yup.
Some things are ending. Linux too. I hope not, but as I see it, commercial already knows how to fight with the community, taking everything and giving little or nothing.

Commercial companies have always been like that; greed is a part of how they operate. Linux arose despite that, and people will always find a way to deploy Linux at their companies and personally. Corporate greed won't kill Linux.

igadoter 04-29-2017 09:28 AM

I would rather say: thank you for your sixteen years of a job well done for Linux. I wish you the best and hope the enterprise will be successful; it is good when others see you can honestly earn some money with Linux. For those who really care about security, there is no question of whether to pay or not to pay. What is necessary is being done. All the best. And please do not listen to all those complaining: they are simply jealous.

montagdude 04-29-2017 10:21 AM

We're all really fortunate that there are so many people who pour years of their lives into developing great software that they provide at no cost at all. But this is a blessing, not a right. The developers are the IP owners of the software they create, and they are free to license it as they choose. It's not "greedy" to do so, but it is rather entitled to demand they provide it free of charge.

My 2 cents, though I expect it is not a very popular viewpoint.

Turbocapitalist 04-29-2017 11:00 AM

Quote:

Originally Posted by montagdude (Post 5703943)
The developers are the IP owners of the software they create, and they are free to license it as they choose.

Only if by "IP" you mean copyright then, yes, you are spot on. Their code, their choice of license.

If by "IP" you mean software patents, and if Grsecurity is located in the US where software, algorithms, and business methods are patented, then no, odds are someone else controls many or all of the patents. For that they are not free to license it as they choose.

Anyway, here is a blog post at hardenedlinux about why Grsecurity made the licensing change:

montagdude 04-29-2017 11:51 AM

Quote:

Originally Posted by Turbocapitalist (Post 5703953)
Only if by "IP" you mean copyright then, yes, you are spot on. Their code, their choice of license.

If by "IP" you mean software patents, and if Grsecurity is located in the US where software, algorithms, and business methods are patented, then no, odds are someone else controls many or all of the patents. For that they are not free to license it as they choose.

Anyway, here is a blog post at hardenedlinux about why Grsecurity made the licensing change:

I meant copyrights. I should have said they are free to license as they choose, provided it is legal.

orbea 04-29-2017 02:44 PM

While it's okay for grsec to charge money for their code, it's not okay for them to put their customers under threat of retaliation if the code is then shared with someone else.

cynwulf 05-11-2017 06:22 AM

This is a long, sad history, involving the clash of personalities and a considerable degree of bitterness (involving Torvalds, spender and others) leading to the current situation today.

While I can understand PaX/grsec making their patches private, after well over a decade of putting them out for free and being largely undervalued by Torvalds and others [as "security people"], KSPP was probably the final insult, though I have to say that spender's attitude and "we did it first!" approach has been a large contributing factor.

As some have commented, this might be the "kick" which will spawn other people/projects to start working on Linux kernel security. Some of the multi-billion dollar corporations who fund, use and profit from the Linux kernel might want to make a start on this or pour in some investment.

//edit: http://undeadly.org/cgi?action=artic...20160527203200

This was an article last year when OpenBSD began implementing W^X. If you read the comments you'll see that the PaX team jump in immediately to ensure the reader knows they got there first. I have to agree with some of the comments, in that PaX/grsec was never going to make headway in its current form as it's not really being widely used and not really being implemented correctly in distributions which offer it. Recent events won't really help in its adoption.


All times are GMT -5.