Slashdot Mirror

← Back to Stories (view on slashdot.org)

GnuPG Gets Back On Track With Funding

Posted by Soulskill on from the pulling-together dept.

jones_supa writes: Soon after the poor state of the GnuPG was unveiled, the online community has rallied to help Werner Koch. He wanted to hire a full-time programmer to work on the project alongside him and to ensure that he's not living on the brink of bankruptcy all the time. Immediately after the article was published, it was revealed that he got a one-time grant of $60,000 from the Linux Foundation's Core Infrastructure Initiative. Also, the community donated over $150,000, and Facebook and Stripe have each pledged to provide $50,000 per year. All in all, it looks like Werner Koch won't be worried about funding for quite some time. The problem remains: it's very likely that other projects just as important as this one are probably facing the same kind of issues, but it would be nice to hear about them before they get in trouble, and not after.

4 of 51 comments (clear)

  1. Core Infrastructure Initiative by millert · · Score: 5, Informative

    This is exactly the kind of thing Core Infrastructure Initiative is meant to help with and I'm happy to see it being used for gpg. Anyone with an underfunded Open Source project that is in wide use can apply for a grant from http://www.linuxfoundation.org.... There's no need to wait until you are in dire straits.

  2. before they get in trouble, and not after. by Nutria · · Score: 5, Insightful

    Software in the Public Interest is in a unique place to act as an information clearing house, conduit and "amalgamator" for this problem.

    --
    "I don't know, therefore Aliens" Wafflebox1
  3. Re:OpenSSL, GnuPG, ... by Anonymous Coward · · Score: 5, Interesting

    GnuPG is a civilian crypto initiative. There are plenty of well-funded military crypto initiatives with highly-trained specialists who have amazing resources at their disposal. Civilians, not so much.

    Crypto is hard to do right, and it takes very, very specialized mathematical knowledge that takes resources and time to master but doesn't offer much in the way of careers in the civilian world. Most of the software development community focuses on other areas: they do their own things very well, but they don't have the math to implement good crypto on their own, which is why we have the mantra, "Don't try to roll your own crypto." In practical terms, that means that cypto software developers are a rare breed who have invested a lot in expertise that won't pay off for them in financial terms in the civilian world, but they're also indispensable.

    That makes them potential points of failure, since knocking out a few, by offering them incentives to work in other fields instead of their own or to weaken their crypto, means weakening the development community as a whole by slowing work on crypto libraries that can be used by the rest of the community. OpenSSL's failures have demonstrated that institutionalizing the point of failure to stabilize the resources available to a crypto programming group doesn't necessarily reinforce or remediate the potential point of failure. This is a big problem, one without an easy solution.

  4. Good use of /. by iritant · · Score: 5, Interesting

    Wow. That was an amazing thing the community did, and I have to believe slashdot helped. I think it would be great if there were a continuing thread on /. that just focuses on worthy projects that need help.