About this list Date view Thread view Subject view Author view Attachment view

From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Tue 01 Jun 2004 - 23:26:17 BST

> > So... noone wants to maintain vserver+grsec... and now noone wants to
> > maintain grsec itself?
> Well he's borrowing money to buy food.
 Normally you would work to get money for food
> So he can't support himself and spend all his time doing grsecurity. One
> of his sponsors failed to pay him, so he's stuck.
 Shame on his sponsors, but on another hand - shame on grsec community,
the way I see it, grsec should get split into few managable parts with few
developers working on it.
 Single developer without stable income is asking for trouble...

> The current vserver+grsecurity is working perfectly well for me on my
> systems. I've been using Sandino Araico Sanchez's vserver+grsec patch and
> they've been stable as a rock.
 That's good for you.
And if you believe this is ideal recommendation then I've got this
wonderfully cheap bridge for sale, it's a real bargain...

 To reiterate what I and few other people already said - it's not enough to
just integrate two conflicting patches and call it a day - vserver+grsec is
not trivial.
Until someone comes up and commits to maintaining vrsec;) vserver+grsec
does not exist. All that exist is a bunch of amateur merges of
vserver&grsec ... I made those.. few other people made those... but AFAIK
noone with intimate understanding of both projects.
 So there are two main challanges - 1) merging (with understanding and
documenting what are you doing, for example, resolving chroot restrictions
can be made in multitude of ways, grsec on top of vserver, vserver on top
of grsec, grsec instead of vserver, vserver instead of grsec etc...etc...
And this is probably the most trivial part)
2) commiting to maintaining this product... accepting bugreports, updating,
communicating with both vserver and grsec teams ( for example, securing
chroot properly for vserver+grsec should result in modifications that could
go to both those projects ).

 The way it is now it looks like this:
 "Hi, i downloaded grsec+vserver and now I've got this problem...
 Oh wait, my kernel is oopsing like crazy".

So, I think that the best way to resolve this whole mess goes like this:
1) grsec sponsors get their acts together (probably fear of bad publicity
may help here...),
2) bunch of different developers gets interested in grsec, and one of those
decides to take responsibility for maintaining this whole magical vrsec
3) in the process of accomodating new developers grsec splits into modules
(like in the early days of security enhancing patches) with different devs
taking care of different modules.

Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
We're giving you a new chance in life, and an opportunity
 to screw it up in a new, original way.
Vserver mailing list

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 01 Jun 2004 - 23:26:32 BST by hypermail 2.1.3