On 05/29/2014 09:52 PM, Jeremy Gray wrote:
    government of North Korea... Even if no strings, it would damage the
    perception people have of OpenSSL just being associated with that
    entity. So, just be mindful of people's perceptions when accepting
    anything.


+1.

Dennis Rodman goes to North Korea and says it's just basketball, not
political. Everyone except him knows he was used. OpenSSL cannot
metaphorically "go to North Korea" without damage to its brand --
especially now that real financial support is forthcoming.

Perhaps donations that would come with a public-relations risk could be
rerouted: gently declined with the suggestion that they be given, no
strings attached, to a 3rd party that *already* supports OpenSSL
development, like the Linux Core Infrastructure folks. Public-relations
risk is real. Avoiding conflicts of interest ("no strings attached") is
essential but not enough--it's best to avoid even the appearance of a
conflict of interest. The psychological gains to be had from a donation
are real--that's the motivation for making them.

--Jeremy


On Thu, May 29, 2014 at 3:04 PM, Nikola Vassilev <n...@greensoldiers.ca> wrote:

    Good on you for sending that apology.  I thought it was
    inappropriate to label that commenter to dismiss his point of view.
    I also think Steve addressed his cynical comments well, the part
    about taking money from anyone as long as it comes with no strings
    attached is wrong, IMHO. That can be easily tested by imagining the
    worst possible source of money and it may be different for each
    person, but let's say it's the government of North Korea... Even if
    no strings, it would damage the perception people have of OpenSSL
    just being associated with that entity. So, just be mindful of
    people's perceptions when accepting anything.

    Nick




    -------- Original message --------
    From: "Salz, Rich"
    Date: 05-29-2014 07:02 (GMT-05:00)
    To: openssl-users@openssl.org
    Subject: RE: Platinum Sponsorship by Huawei

    Frans,

    I apologize.  My posting was a mistake. (I meant to cancel my
    posting, but instead my fingers hit control-return rather than escape.)

    I am sorry that, on the basis of one posting, I called you a troll,
    or implied that you had anything other than concern and interest in
    seeing the best possible outcomes.

    The only other thing I can say in my defense is that, if you look
    through the archives, you would hopefully see that I usually don't
    write that kind of message.

    /r$

    --
    Principal Security Engineer
    Akamai Technologies, Cambridge, MA
    IM: rs...@jabber.me; Twitter: RichSalz
    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majord...@openssl.org


Ok, I accept the above apologies as I just want to express my worries. Yes, it was cynical - I used one line from Huawei, which triggered my response. The initial comment from the OpenSSL spokesperson about the "focused" interest of developers was also not forgotten yet. So, normally I do not react to those messages, but both combined was too good a chance to let it pass. Sorry if I caused some grief.

Also, in light of recent events (NSA cs.) and accusations between two major players, it is not only political. I expressed the general fear of who we can trust. As it turns out, no single government can be trusted with our privacy and/or assume they are there for us. So when relying on software which can shield us (somewhat) from their intrusive behavior, any direct or indirect reference to governments is hard to defend to the general public.

Looking at the fork by the OpenBSD community and hearing them say "cleaning up" does not strengthen the belief in OpenSSL but rather in those who use the right words. So, OpenSSL has some damage control to do, more so after the words from the spokesperson.

As for the point of "not making it political". Sorry, politics is already involved. Some parliaments have been asking questions about the safety/privacy of citizens. I know that in the USA and many other countries privacy is not well guarded, but in Europe we are very conscious of that issue. High-ranking civil servants and even ministers have fallen/been damaged in the past because they showed disrespect for privacy. Yes, I am working for a government who - in the past and currently again - has thrown out products of untrusted suppliers. One of them being .S. (fill in the dots). Alas, having finally persuaded them to look at OSS products, along comes a remark or certain sponsorship which destroys that fragile trust again.

Trust comes by foot and leaves on horseback.
Trust comes by foot and leaves by car.

Frans.
(A very concerned global citizen).
