if you think SELinux is an answer to your problem, you are wrong. SELinux is a complicated framework that removes transparency from security decisions made by a system.
Conversation
"oh, i decided to use SELinux to solve my problem"
"now i have two problems"
5
11
42
Replying to
Curious how you'd compare this to Qubes or seL4 or even grsec. Those also feel somewhat like "now I have two problems," but they also seem like they legitimately solve something in a way that SELinux doesn't quite
1
1
1
grsec solves the problem of how you get paid for infringing gpl...
2
1
7
i have a lot of doubts about the legality of the grsecurity "commercial GCC plugin" business too
1
3
was Open Source Security Inc. not selling the GCC plugins individually at one point?
2
1
at least web.archive.org/web/2019062517 alludes to the RAP plugin being productized as a commercial standalone product outside of the grsecurity kernel patch.
1
i don't think anyone here disagrees that you have the right to cut off people's grsecurity subscriptions if they bundle it with a product and have to abide by their GPL obligations; but building a product from a GPL SDK, in concert with a GPL program is a different question
1
I disagree with that. Granting license only with a threat of commercial retaliation if used is not following the gpl's requirement to license under gpl with no further conditions.
1
It's not an additional condition for what you already received. I think they distribute everything as source code anyway. The GCC plugins are GPLv2 only and GCC expects plugins to be GPLv3 but that has been inherited as a problem for the upstream plugins in the Linux kernel too.
There is no problem, you're forgetting about the GCC runtime library exemption: gnu.org/licenses/gcc-e If anyone had a problem with it, they wouldn't be linking to the code on their own site: gcc.gnu.org/wiki/plugins or could just shoot anyone a simple email...
1
1
Show replies