Grsecurity stops issuing public patches, citing trademark abuse

The gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing their stable patches to the public. In future, only paying sponsors will get access to stable patches to shore up their kernels' defenses. The test series, unfit for production use, will however continue to be available, to avoid impacting the Gentoo Hardened and Arch Linux communities. The project's full source code will still be released to the public at large, but non-sponsors will have to pick through every update to find out what's applicable to them.

The whole situation stems from WindRiver, a subsidiary of Intel, which "has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven't been evaluated by us for security impact." After spending several thousand on legal fees, faced with "a huge legal team, the capability to drag out the case for years" and a threat to request "all available sanctions and attorneys' fees" were the lawsuit to proceed against them, Grsecurity decided pursuing the case through the courts was not practical.