On 04/14/2014 03:01 PM, Benjamin Schulz wrote:
>
> Hello,
> The openssl foundation writes here:
>
> https://www.openssl.org/support/acknowledgments.html
>
> ...
>
> So I think the openssl foundation should take some measures that perhaps may
> help to scare intelligence agencies away from openssl in the future.
>
>
> Could the openssl foundation add official rules that ...

This has already been ably addressed by another commenter, but I'll make
three comments:

1) OSF has as its singular purpose the objective of *relieving* those
who do the heavy lifting on OpenSSL from financial worries and
temptations. Any of the OpenSSL team could earn a lot more money
elsewhere for the hours they spend on OpenSSL. Frankly I find it
ludicrous to think that any of them could be bribed to deliberately
corrupt OpenSSL.

2) As the paper-shuffler for OSF I will consider revenue from any
source. It was my hope from the beginning that the bulk of that revenue
would come from software support contracts, which carry no obligation to
code anything at all. Those are becoming a larger portion of our
revenues, but in the meantime most revenues come from "work-for-hire"
commercial contracting. That will continue until such time as there is a
better alternative.

3) It is the consensus and (unwritten) policy of the OpenSSL team that
U.S. citizens do not have commit access to the OpenSSL code repository.
Even though I am a U.S. citizen I agree with that policy, for three
reasons: 1) given recent events the issue of perceptions does matter, we
don't need that distraction, 2) U.S. export controls make it challenging
for U.S. citizens to work on cryptography (BTDT myself), 3) it gives me
a handy excuse to avoid admitting that I'm not smart enough to work on
the code.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org