Linux Foundation Announces A Core Infrastructure Initiative
Phoronix: Linux Foundation Announces A Core Infrastructure Initiative
The Linux Foundation has announced a multi-million dollar Core Infrastructure Initiative to fund critical open-source projects. The first project receiving money from this pool is OpenSSL...
Hmmm....OpenSSL, not LibreSSL? I thought OpenSSL was irrevocably broken?
It's clearly not LibreSSL. Linux Foundation should not accept the terms in which the investment is done; they have to protect the freedom of the libre community and they should administer that investment money in the projects they are genuinely and scientifically interested on. If all those companies have real interest in patching OpenSSL, they should bring their own developers to upload patches to the project. What I believe they are attempting is to control the interest of development for their own benefit.
Originally Posted by kaprikawn
The HeartBlead bug showed us that there was a lack of competition on SSL layer software. Too many considered OpenSSL the best even tough it had many disadvantages. And this is why ot became almost omnipresent.
OpenBSD will ensure that OpenSSL have some competition and the Linux Foundation will ensure that OpenSSL stand a change in this competition.
You can always argue that this should have happened long ago. But that argument won't fix anything.
They are fixing this now, and that is good.
Where the F is HP at?
Big names in the industry - but where the f is HP? They had over 30 bugtraq advisories last 2 weeks, all concerning the heartbleed bug. If there's anyone who should throw in monies to improve on OpenSSL it's definitely HP who takes it all, gives nothing back.
Just as i wrote - 4 more came in with the same heartbleed bug as the cause... HP, what's your game!?
Originally Posted by arabek
@Michael - might want to reach out to them for comment?
EDIT: for reference: http://insecure.org/search.html?cx=p...leed&sa=Search
Yes, please, give some money to the Xfce devs so they can work full time on it. And let's not forget Gimp, Inkscape, Blender, LibreOffice, Openshot, Wine and others.
Better development tools would be nice too. Something like Eclipse (a multi-purpose IDE) but without the bloat.
I agree. The OpenSSL people have been working on it as a side project for ages and got jack for gratitude. Minuscule amount of donations and rarely a though as long as it worked. In a way this problem highlighted this and now they get the proper attention.
Originally Posted by cutterjohn
The OpenBSD folks are just jumping the wagon of mixed publicity. It's good if they continue their fork as some competition is always good but it would be very a-holish to turn the back on the OpenSSL team who were working away with little gratitude for all this years.
We should at least give them the benefit of the doubt and see what they can accomplish with proper funding and the ability to focus on writing OpenSSL instead of consulting all the time to keep afloat.