This is an undesirable situation for users, but I want to offer a positive outlook on this. Ever since KSPP started, some of the dynamics started to shift and I wager that closing off grsec will motivate more users and developers to consider supporting efforts that are in mainline linux. Short-term this is a problem and may require relying and hoping 4.9-lts-grsec will be available and functioning. When Bitkeeper licensing was revoked from the community, it didn't take long for git to emerge. I see a similar pattern and high potential for repetition of the same dynamics here. No grsec will force people to either subscribe ala RHEL and hope spender is able to fulfill his end of the contract or supporting KSPP and seamless LSM integration in major distro packages. I must admit that spender may have started a process that will result in arriving quicker at mainline kernel having a comparable set of protections. Because as long as grsec was there and offered for relatively recent kernels, there wasn't much motivation or arguments to make to support a mainline reimplementation. I believe this will light a fire under KSPP and related community driven projects. I faintly remember when there was OpenGrsec because grsec was dead or zombie but that was at least a decade ago and my memory is probably incomplete. I mean some grsec users might consider fleeing to HardenedBSD since they provide a whole system like Hardened Gentoo, especially those using grsec on hosting servers where the availability of jails, capsicum, zfs, dtrace, ports and hardenedbsd may have already looked enticing.