Comment by staticassertion

1 day ago

This implies (or states, hard to say) that they don't upstream specifically in order to profit. That is nonsense.

1. Tons of bugs are reported upstream by grsecurity historically.

2. Tons of critical security mitigations in the kernel were outright invented by that team. ASLR, SMAP, SMEP, NX, etc.

3. They were completely FOSS until very recently.

4. They have always maintained that they are entirely willing to upstream patches but that it's a lot of work and would require funding. Upstream has always been extremely hostile towards attempts to take small pieces of Grsecurity and upstream them.