GRSecurity End Of Life?
For those who are system people: grsecurity is a patch for the Linux kernel that provides heightened security for Linux systems via role-based access control, chroot hardening, /proc and filesystem hardening, and extensive auditing, along with the PaX patches and others, to add the level of security that the default kernel lacks. (For the non-technical… it makes the system much more secure and less susceptible to the numerous “rootkits” and other tactics used to try to get “root”, or full access to the system, especially on systems that are shared among multiple users.) The software that makes up this patch is open source and maintained (well, I might add… better than most if not all other available security patches for Linux) by Spender.
As of May 31, Spender has announced that development will cease due to financial issues:
Beginning today, May 31, 2004, development of grsecurity will cease. On June 7, the website, forums, mailing list, and CVS will be shut down. Due to a sponsor unexpectedly dropping sponsorship of grsecurity while continually promising payment, I began the summer in debt and had to borrow money from family to pay for food. If none of the companies that depend on grsecurity, some of them being very large, are able to sponsor the project, grsecurity will cease to exist. Though grsecurity is licensed under the GPL, I am the sole developer and originator of ideas for the project. Though it would be possible for others to handle maintenance of the project, the quality won’t be held to the same standards and will not progress with the same goals I have set for the project. I am not looking for help with hosting, as the hosting for grsecurity has been provided for free for over a year and a half and will continue to be provided unless the project has to end. I am also not looking for paypal donations at this point, unless those that donate do so with the recognition that despite their donation, grsecurity may still never be returning.
This is unfortunate news since, as I mentioned before, grsecurity is one of the best-maintained security patches for the Linux kernel, one I use myself and have seen work in thwarting attacks multiple times. But this is a known potential downside of using certain open source software, particularly software maintained largely by one person, one who needs to make a living off of it to maintain it (and whose real commitment to the open source model I question). But on the positive side of open source, if there’s enough interest to continue it, others can pick up the torch and run with it, as this is all GPL’d. The problem will be finding people as committed and as knowledgeable as Spender. Time will tell.
This news was also seen at Slashdot.