> "IBM, Microsoft, Facebook, Google, others pledge $3.6 million to fund OpenSSL (arstechnica.com)"

The title of this submission is incorrect. The funding goes to the general fund, not specifically to OpenSSL.

Here's the press release this article is based on:

http://www.linuxfoundation.org/news-media/announcements/2014/04/amazon-web-services-cisco-dell-facebook-fujitsu-google-ibm-intel

And here's the actual initiative:

http://www.linuxfoundation.org/programs/core-infrastructure-initiative

Discussed here:

https://news.ycombinator.com/item?id=7639835
OpenSSL source code is a disaster. It's spaghetti that doesn't do what you think it does, with horrible documentation. People submit patches from people they don't even know, and then you have it: an SSL library that is flawed but everyone is using it. A spying agency's and hackers' dream.

We don't need OpenSSL; we need another library built from scratch with very clean code and documentation.

Everyone who has more interest in why OpenSSL is a catastrophe should watch Operation ORCHESTRA [0].

[0] https://www.youtube.com/watch?v=fwcl17Q0bpk
This comes off as a few companies trying to throw money at a rotten crypto lib, when only leadership like Theo's way (minimalism, dropping features) would have a prayer of rescuing it. So giving OpenSSL more money doesn't make sense; it's like rewarding failure, because they've shown an inability to produce good code or maintain it well... More money won't help that, likely the opposite. Instead, the TLS WG needs to get their act together, reduce their addiction to feature creep, and release a reference library and comprehensive test suite. Then OpenSSL might have a chance, after picking up a compass and a map and getting back to some semblance of being a decent crypto lib, but more money is unlikely to solve this issue.
WOW! Never thought there was just one person devoted to a library that we rely on to bring security to us all. Community is great, but still some more dedication is needed in parts which are essential for security. Glad to see that some took it seriously.