3

What is KSPP? I saw it being compared to and called a competitor to grsecurity, but I can't find a patch or Git repository to download.

Is it just an idea/manifesto or something real, with a concrete patch/repository to download (even if unfinished)? Are there programmers who call themselves a part of the KSPP team? Or maybe most results of KSPP labour get steadily upstreamed, so no need for any separate patches?

forest
Vi.

1 Answer

4

KSPP is not a competitor. It is a project to get improved security features into the Linux kernel, funded by the Core Infrastructure Initiative. Grsecurity, on the other hand, is a security patch for Linux produced by Open Source Security, Inc. Grsecurity is implemented as a series of modifications to the kernel source code, as well as security-enhancing GCC plugins. There is no KSPP patch to download because all improvements are upstreamed. In many cases, the ideas for improvements come directly from the latest available public grsecurity patch. For example, grsecurity wrote a high-performance reference count overflow mitigation. KSPP tried implementing it themselves, found out the performance was terrible, and instead took grsecurity's version, modified it slightly, and included it in upstream Linux. Now upstream has (basic) refcount protection.

In terms of security, grsecurity is vastly ahead of KSPP. This is in part because grsecurity is willing to take "risks" that Linux kernel devs do not want to take (e.g. using i386 segmentation), but also simply because the grsecurity developers are significantly more security-focused, without the limitations of developers who don't consider security bugs to be any worse than another bug. The main (only?) advantage KSPP has over grsecurity currently is that security improvements brought about by KSPP are made public, as opposed to grsecurity which (currently, at least) is only available to customers.

Due to a complicated series of events, Brad Spengler (developer of grsecurity) has had frequent rows with Linux developers, and the KSPP in particular. He sees them as plagiarizing his work, and they see him as attacking them needlessly. Whether or not this is true is irrelevant to the comparison.

In summary

  • KSPP provides much less of a security improvement, but is available to the public.
  • grsecurity provides significant security improvement, but is unavailable to the public.
forest