Grsecurity patches going private

Discussion in 'all things UNIX' started by daario, Mar 31, 2017.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I find that a bit harsh. Many new security features have been added to the recent kernel versions, and more will follow. Who knows - perhaps that grsecurity decision will even speed up that process.

    EDIT: In kernel 4.11 several new security features/improvements will be added:

    1. gcc-plugins: Add structleak for more stack initialization. Background.
    2. Security layer improvements.
    3. User namespace improvements.
    4. Improvements in the crypto subsystem.
    5. Protection against refcounting overflows.
    6. Better random numbers.

    This list is probably not complete.
     
    Last edited: Apr 28, 2017
  2. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    Spender pretty much laid waste to the KSPP. Maybe he's way off but when the gravy train of copied security features developed by GrSec runs dry a few more kernels down the road, given that KSPP needs time to reverse engineer grsec code & to pass muster with Linus, anything new will have to come from somewhere else. I have to assume that GrSec will start patenting their new security code/ideas so free reverse engineering won't be so easy to get away with.

    https://grsecurity.net/compare.php

     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, Spender has always been rather blunt in badmouthing/ridiculing everything that doesn't come from Grsecurity.

    Frankly, I doubt that this will be possible. Richard Stallman already thinks that Grsecurity is violating GPL. The point is that Grsecurity is patching the Linux kernel which itself is under the GPL license. But GPL says that the source code of every modification of GPL software must be openly available. If Grsecurity starts patenting their code, the GPL violation would be more than obvious.
     
  4. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    I agree that a negative outlook on KSPP by Spender was to be expected.

    On the other hand - since they are selling their info and only selling their info now, does the new code become a blob that isn't under GPL?
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    FWIW, I've noticed that after abandoning the linux-grsec kernel in Arch Linux, Daniel Micay is now maintaining a linux-hardened kernel. There is a reference on the "Security" wiki site which points to a very interesting site on the Gentoo wiki. Obviously, Daniel, Kees Cook and other contributors are maintaining a hardened kernel where they try to merge Grsecurity/PaX features. One of their goals is to "maintain a set of patches for security features that have not yet been merged into mainline". The "Progress tracking" table at the bottom of that site is very instructive.

    BTW, a very interesting read is Kees Cook's long post where he writes about the recent grsecurity decision and the relationship between grsecurity and mainline/KSPP.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    True, but the blog post is about the PaX/Grsecurity going private.
     
  9. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    This is extremely encouraging.
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space