Hacker News new | past | comments | ask | show | jobs | submit login

And the original plan, but recently Hector is getting more and more annoyed with the process of upstreaming the patches. I really hope the situation improves so we don't get another PaX situation :( (different reasons of course, but similar result)



What is the PaX situation? I tried googling but didn't find it


results of my Googling:

PaX seems to refer to the PaX team: https://pax.grsecurity.net/

There seems to have been drama related to some of their patches https://news.ycombinator.com/item?id=14633163.


There's a lot more nuance there, but my summary would be: pax team created grsecurity patches which are awesome, they come as a big bundles rather than separate patches for each part, and are a bit disruptive - you need to know why you want them / are they worth it. Upstream doesn't want huge bundles, pax doesn't want to invest time in splitting them up and fighting with upstreaming each one separately. There's some external effort in the last years to chip away the most important ones, (KSPP, Popov Kees) but it's slow. In the meantime pax provides grsecurity as consultancy.

Again - I skipped lots of details.


In short, PaX and grsecurity were security patches for the Linux kernel that failed to be upstreamed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: