|
|
Subscribe / Log in / New account

State of the Kernel Self Protection Project

State of the Kernel Self Protection Project

Posted Sep 4, 2016 15:14 UTC (Sun) by mina86 (guest, #68442)
In reply to: State of the Kernel Self Protection Project by PaXTeam
Parent article: State of the Kernel Self Protection Project

> the proper way to upstream our code would be for somebody to pay for that time.

It's free software, anyone can upstream it in any way they want regardless of being paid or not.

to post comments

State of the Kernel Self Protection Project

Posted Sep 4, 2016 16:10 UTC (Sun) by PaXTeam (guest, #24616) [Link] (10 responses)

you're wrong, not anyone can upstream this much code without getting paid, you must be an early retiree with a few millions in your bank account to be able to work the thousands of hours 'for free'. but hey, prove me wrong, give it a try yourself and report back on your progress in a few years (or more realistically, never ;).

State of the Kernel Self Protection Project

Posted Sep 4, 2016 18:01 UTC (Sun) by ssmith32 (subscriber, #72404) [Link] (1 responses)

Confused. Is upstreaming the code without demanding payment such a unique and valuble ability that it should be respected and applauded, or so easy and simple that anyone could do it? You seem to be taking both positions?

State of the Kernel Self Protection Project

Posted Sep 4, 2016 18:42 UTC (Sun) by PaXTeam (guest, #24616) [Link]

you're confused indeed as i took neither of those positions.

State of the Kernel Self Protection Project

Posted Sep 5, 2016 0:43 UTC (Mon) by mina86 (guest, #68442) [Link] (7 responses)

I’m not commenting on practicalities.

But notice that in the past, people developing free software in their free time without being paid for it was the norm. To this day this in not out of ordinary. IIRC unaffiliated contributors are still single group involved in Linux.

Lastly, as far as I understand, a lot of the hard work has already been done (and PaX and grsecurity teams are to be thanked for that) so now pushing the code upstream is the easiest part.

There may be political reasons why it’s hard for the PaX and grsecurity teams to do that, but complaining about someone who puts up with Linus et al. to get the code into Linux is just childish.

State of the Kernel Self Protection Project

Posted Sep 5, 2016 17:39 UTC (Mon) by PaXTeam (guest, #24616) [Link] (5 responses)

i think you simply have no experience with upstreaming code of this amount and complexity and so don't understand the amount of effort needed for it. the thousands of hours i mentioned wasn't hyperbole, it's my estimate based on observing past progress (and often lack thereof) on various attempts. of course you can call me names all you want but that doesn't change the physical reality in which i simply don't have those thousands of hours of free time to spend (dare i say, waste) on upstreaming this code and clearly noone else does as all the real progress so far was made on company time.

State of the Kernel Self Protection Project

Posted Sep 5, 2016 18:16 UTC (Mon) by mina86 (guest, #68442) [Link] (4 responses)

I don’t understand your point then:

> the proper way to upstream our code would be for somebody to pay for that time.

This sounds to me that you’re claiming current upstreaming efforts are not proper because no one is paying for the time. Is that what you’re saying?

State of the Kernel Self Protection Project

Posted Sep 5, 2016 19:15 UTC (Mon) by PaXTeam (guest, #24616) [Link] (3 responses)

perhaps try not to take stuff out of context and also read the comment i replied that to :).

State of the Kernel Self Protection Project

Posted Sep 5, 2016 21:11 UTC (Mon) by nix (subscriber, #2304) [Link] (2 responses)

So... reading that, your complaint is that nobody is paying *you* in particular to upstream it?

This is sounding less and less high-minded by the minute.

State of the Kernel Self Protection Project

Posted Sep 5, 2016 21:15 UTC (Mon) by PaXTeam (guest, #24616) [Link]

not quite, try reading what i responded to again.

State of the Kernel Self Protection Project

Posted Sep 6, 2016 10:13 UTC (Tue) by paulj (subscriber, #341) [Link]

To be fair, even if "No one paid me to do it" is what PaX intended as a criticism, that's still quite acceptable. They spent a lot of effort on that work, and really it would be good if those who work on Linux get something towards food, shelter, etc. You can understand why he'd be miffed if others are now being supported to pick at their work and upstream bits.

E.g., every seems to be agreed PaX et al have done some good work on security. Wouldn't it be nice if some of the money going into hardening the kernel helped that work?

The question is whether the inter-personal issues at play can be overcome to make that possible. Whether PaX et al can co-operate, tackle the nits and implement review comments (which sometimes do no more than help give the reviewers a shared sense of participation and value - but we socio-insensitive techies often don't perceive the soft, socio-politics, sigh), etc. Whether the other side(s) could get over their hostility, etc. ?

Shame really for everyone, inc. the users.

State of the Kernel Self Protection Project

Posted Sep 9, 2016 14:13 UTC (Fri) by thestinger (guest, #91827) [Link]

> IIRC unaffiliated contributors are still single group involved in Linux

Lack of known affiliation doesn't mean they aren't being paid to do the work. It can still be part of their full-time work or a contract. They may also be self-employed in a way that they earn money from landing code upstream. A subset are certainly volunteers but there aren't meaningful numbers on that.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds