Well these aren't particularly important issues, we don't talk about the important ones ;) It's more of an interesting experiment to see what happens with the information once it's out in the wild. I point out the credit issue merely because it is a constant theme

That said, I think it's fine for people to unwittingly do Google's LLVM plugin bidding without pay (that it should be funding itself) but there's a bit of hubris involved to assume you considered all the things in a particular security implementation that the original authors did

I was reminded recently when trying to look for references of the pervasiveness of PaX's ASLR for instance that it seems that if you don't speak up, someone else will rewrite history for you in their or someone else's favor: security.cs.rpi.edu/courses/… security.cs.rpi.edu/courses/…

Well, while *ASLR* was first publicly implemented by PaX, memory layout randomization was also discussed before ASLR. Even though their not the same, one might think that was a step towards PaX ASLR.

AKA PaX both coined and implemented ASLR, so what's the gripe? Why should PaX not be discussed in the history of the very thing they created? I think the point you're missing is that there's a reason ASLR is being used and not other academic approaches discussed around the time.

None of this was controversial at all years ago, this seems to be a contrived argument from people either too young to know or too ignorant of history and wanting to create some alternate history for some reason. I don't know which, but it's getting old.

I see you mentioning ALSR but not the claim that i'm actually refering to: PaX saying he deserves credit for CFI. pax-future.txt has *some* ideas, not all. You see what I'm trying to say?

Well, because he does. If we're talking about who should be credited with developing the first compiler that implements a form of CFI, then it's obviously be Microsoft. I don't think that's controversial ;) But any person can look at the code it generates...

and see that it's effectively no different from what was discussed in pax-future.txt. When later people implemented CFI, did they use Microsoft's source code? (which correct me if I'm wrong, wasn't released) So why should PaX be left out of this history as well?

I'm not saying PaX should he left out of history, where did I say that :) all I'm saying is that PaX did not coin CFI nor did he first implement it. Isn't that a fact?