Slashdot Mirror


GnuPG Gets Back On Track With Funding

jones_supa writes: Soon after the poor state of GnuPG was unveiled, the online community has rallied to help Werner Koch. He wanted to hire a full-time programmer to work on the project alongside him and to ensure that he's not living on the brink of bankruptcy all the time. Immediately after the article was published, it was revealed that he got a one-time grant of $60,000 from the Linux Foundation's Core Infrastructure Initiative. Also, the community donated over $150,000, and Facebook and Stripe have each pledged to provide $50,000 per year. All in all, it looks like Werner Koch won't be worried about funding for quite some time. The problem remains: it's very likely that other projects just as important as this one are probably facing the same kind of issues, but it would be nice to hear about them before they get in trouble, and not after.

2 of 51 comments

  1. Re:OpenSSL, GnuPG, ... by Anonymous Coward · Score: 5, Interesting

    GnuPG is a civilian crypto initiative. There are plenty of well-funded military crypto initiatives with highly-trained specialists who have amazing resources at their disposal. Civilians, not so much.

    Crypto is hard to do right, and it takes very, very specialized mathematical knowledge that takes resources and time to master but doesn't offer much in the way of careers in the civilian world. Most of the software development community focuses on other areas: they do their own things very well, but they don't have the math to implement good crypto on their own, which is why we have the mantra, "Don't try to roll your own crypto." In practical terms, that means that crypto software developers are a rare breed who have invested a lot in expertise that won't pay off for them in financial terms in the civilian world, but they're also indispensable.

    That makes them potential points of failure, since knocking out a few, by offering them incentives to work in other fields instead of their own or to weaken their crypto, means weakening the development community as a whole by slowing work on crypto libraries that can be used by the rest of the community. OpenSSL's failures have demonstrated that institutionalizing the point of failure to stabilize the resources available to a crypto programming group doesn't necessarily reinforce or remediate the potential point of failure. This is a big problem, one without an easy solution.

  2. Good use of /. by iritant · Score: 5, Interesting

    Wow. That was an amazing thing the community did, and I have to believe slashdot helped. I think it would be great if there were a continuing thread on /. that just focuses on worthy projects that need help.