Mozilla Foundation Donates $10K to OpenSSH

eklitzke writes to tell us the OpenBSD journal is reporting that the Mozilla Foundation is donating $10,000 USD to the OpenSSH project. This comes as good news after the recent reported financial troubles from the OpenBSD and by extension the OpenSSH team. It seems that quite a few people have answered the call for aid made by OpenBSD's de Raadt.

Re:Contribution made to OpenSSH or OpenBSD?

[dmorelli]

This is going directly to Theo's "free as in beer [samsclub.com]" fund.

This should not be modded "Troll" It's clearly "Funny"

Re:Let's hope

[LWATCDR]

Not going to happen. Theo's ego would never allow him to turn that over to someone that could raise money effectively.
I just hope that the OpenSSH project gets spun off soon. It would get funded by Red Hat, SuSE, IBM, and goodness knows how many other vendors.

Mozilla - "OpenSSH" - Beer! Laundry Time!

It's not surprising that large businesses won't donate to "OpenBSD" or "OpenSSH"; just look at the project's donation pages and see who you have to write the checks to. That's right, "Checks made out to OpenSSH cannot be deposited"; you are giving your money to Theo personally.

Now, you don't have to ask around much to find out how that money is handled. Hell, some of it seems to literally go under his mattress. What's it get spent on then? Maybe OpenBSD, maybe beer and a giant new SUV; how do you really know? A charity would be required to do actual bookkeeping about its donations, but then again maybe now it's a little more clear why OpenBSD isn't a charity, unlike all the other major open-source projects.

A question worth asking: is it legal for Mozilla Foundation, a 501(c)3 charity, to give donations other people made to *it* to Theo personally, when they know (or would have to be negligent to not know) how the money will be handled when it gets there -- that there is no guarantee it will actually be spent to further MozF's charitable purpose?

If they're essentially laundering money for a non-exempt entity (heh, "entity"; I guess a person and his beer fund are an "entity") MozF could get in a lot of trouble. It's not hard to see why more careful donors steer clear.

(Of course, what do you really expect from a project^H^H^H^H^H^H^H^H^Hbeer fund whose principal fund-raising tactic is to threaten to abandon this or that unless you send cash to the *person* in charge? None of the other major open-source projects do that either. Go figger. Sigh.)

Re:Good for Mozilla.

[jschrod]

So because it is something 'you' want to do specifically it should be added to the source tree for openssh

I have never written that. Please don't put words in my mouth.

I have taken exception to the argument that reactions to ssh attacks are purely a firewall issue and have nothing to do with the ssh server framework itself. This is an ssh issue. Yes, it is open to the developers to tell that they don't want to implement it for other reasons, but no, deferral to perimeter defense (i.e., firewall) ain't no solution.

And if you look how often the issue of ssh attack protection comes up on regular user email lists of distributions, then it is an issue for many people. E.g., on the suse-linue-e list, it comes up at least every two months, and has long threads every time. Thus, it is a concern that is shared by many people.