Here is the information about Spender and GRsecurity copied from my other post:
It was after GRsecurity became private that they had an issue with people making upstream security contributions, particularly upstreaming anything from the GRsecurity patches. They had disagreements about that, and then moved past it and are on good terms now.
It’s absolutely ridiculous to claim that Micay has anything to do with them making things private.
It was Wind River, owned by Intel, which was the main offender for upstreaming the patches.
Micay was the one who introduced GRsecurity in Arch Linux and did all the integration it had for PaX exceptions and the start of RBAC support (systemd was an issue at the time).
It was afterwards once it became private that it was awkward because they didn’t want people upstreaming or maintaining ports of their work but at the time Micay was maintaining GRsecurity in Arch Linux and GrapheneOS (then called CopperheadOS) was using the PaX subset for kernel hardening, so there were existing uses of it to try to keep going in some way.
Here is the information about Spender and GRsecurity copied from my other post:
https://grsecurity.net/announcehttps://news.ycombinator.com/item?id=10126319