Re: Grumble
The proper comparision would be whether the STAFF of IBM, Intel, et al. are working for free or not...
Not even the people involved in the KSPP are working for free. How come the grsec people (spender, pipacs and whoever else is involved) are expected to work for free, while the KSPP guys aren't?
Why is there even a KSPP when they could have just funded grsec with much better results?
Answer: Linus doesn't give a fuck about security or see exploit mitigation and hardening as something that belongs in the kernel. He along with certain others have successfully alienated the people who are actually have a damn solid track record of providing it.
Now when the pressure is on to actually do something about the sorry state of Linux kernel security, trying to mend things would mean he publicly admitting he was wrong ... which he's far too proud to do.
Besides, he doesn't actually care about security, only about appearing to do something about it, so the results don't really matter.
Enter the KSPP which consisted mostly of taking random parts from grsec without any deeper understanding of the issues. Considering that the people involved have a near-zero record of meaningful innovation in this field, I would suspect they are pretty much screwed now without public grsec patches. At most they can add a bunch of half-assed useless "features" for show, probably introducing more vulnerabilities in the process just as they have done before.
So, to save Linus' face, money is being spent on make-believe work and every Linux users security suffers.
Biting the hand that feeds IT
