GrSecurity: The Truth About Linux 4.6 [Security]


  • #11
    Yeah, this all evokes a question of "Et tu, Brute?" Given that they are now withholding security patches for older kernels from the public and thus make Gentoo Hardened use only latest kernels, this sounds like a really bad case of kettle calling the pot black.



    • #12
      Originally posted by xeekei
      Is it just me, or is there a correlation between shitty personality and good coding skills?
      correlation, maybe.

      unfortunately, many people think that there is bad personality->skill causation.



      • #13
        Originally posted by GreatEmerald
        Yeah, this all evokes a question of "Et tu, Brute?" Given that they are now withholding security patches for older kernels from the public and thus make Gentoo Hardened use only latest kernels, this sounds like a really bad case of kettle calling the pot black.
        Necessary evil from what I heard. Too many large rich companies were using the grsec patches without contributing, in addition using grsec's name on porting patchsets to ancient kernels that weren't compatible. Wish it didn't have to be that way, but at least they did something rather than end up like a BSD.



        • #14
          Originally posted by Ericg

          That's the thing that pissed me off. I have ZERO opinion on GRSecurity from a technical perspective-- I know it's popular in the Arch and Gentoo camps, but that is basically it. But the way they handled that tweet and bug report was childish, immature, and unprofessional. I HOPE that everyone who was banned from that has since been unbanned, but it should've never happened in the first place. Damage done.
          So this is how misconceptions spread. Actually the developers thanked the bug report:



          After that the kid tweeted and spread lies everywhere and made a wrong analysis of the bug (check PaX Team's comment about it). The kid does not know anything about Grsecurity and the components of it but he defines himself as a security expert. He enabled all Grsec and PaX functions in the kernel config without any knowledge of them.

          One of these functions is a special GCC plugin which catches integer under- and overflows at run time. Due to the behavior of the GCC optimization and poor programming of the kernel there are a lot of false positives which trigger the plugin to alert (default is a kernel panic() or there is a pax_size_overflow_report_only kernel parameter to not panic, but he did not know the latter one). So this component is not for production use or at least not without risk analysis before it...

          The kid found one of many false positives with this tool and trolled over the internet that there is a high vulnerability in Grsecurity and blamed the team that they are not doing proper security audits on their patch. After a lot of sensationalist retweets and non-manageable noise the kid has been blocked. After that the kid came to the official #grsecurity IRC channel for trolling. He was banned there too so he hastened to announce his persecution on twitter with screenshots...

          He constantly looked for opportunities to make propaganda of his - not - Very High Vulnerability. He got it. Even The Register made an article about it without asking the Grsecurity developers.



          • #15
            Originally posted by xeekei
            Is it just me, or is there a correlation between shitty personality and good coding skills?
            I doubt it... it's simply that you notice the obnoxious personalities precisely because they're obnoxious people in a position to be noticed.



            • #16
              Originally posted by yoshi314

              correlation, maybe.

              unfortunately, many people think that there is bad personality->skill causation.

              Sadly, the correlation stems from the idea of human nature judging everything. The people who can give less of a shit about someone else's opinion or can tell them to fuck off (who just so happen to be more assholish than someone who actually cares) are the ones more likely to get things done.



              • #17
                Originally posted by xeekei
                Is it just me, or is there a correlation between shitty personality and good coding skills?
                It's just you.
                Just look up "cowboy programming". There are many skilled programmers that just won't play ball.



                • #18
                  Debian ships a grsecured kernel too, seems like a newish decision, as it is only in jessie backports and sid. https://packages.debian.org/search?k...-image%20grsec

                  Nice.

                  ->installing NOW.
                  Last edited by starshipeleven; 16 May 2016, 05:12 AM.



                  • #19
                    Might even upgrade some of my 3.2.x systems to this! New releases add new security bugs so frequently, that I daren't upgrade, I stick with LTS kernels until they're no longer supported. But, having the benefit of grsecurity would maybe offset the risk.



                    • #20
                      Originally posted by stevenc
                      Might even upgrade some of my 3.2.x systems to this! New releases add new security bugs so frequently, that I daren't upgrade, I stick with LTS kernels until they're no longer supported. But, having the benefit of grsecurity would maybe offset the risk.
                      Uhm, jessie default kernel is 3.16, not 3.2. Those systems are on Debian wheezy (current "oldstable"), correct?
                      Dunno how well kernel 4.4 (current grsecured one) will run with a Wheezy system.
