Basically, through a combination of clever marketing and actual impact, Heartbleed hit the Open Source community HARD, and left most people in the Open Source Community asking two questions:
1. How did this happen?
2. How can we stop this from happening again?<p>LibreSSL and openSSLRampage is the OpenBSD response, and it's absolutely in keeping with their character. I admire the "Fuck it, let's just fix this shit" attitude that goes along with it.<p>The Core Infrastructure Initiative is the Linux Foundation's response.<p>They're two valid ways of dealing with the problem. The LibreSSL way is more direct, targeted, and, in a way, satisfying, especially if you run OpenBSD, and can gain from these efforts relatively quickly.<p>The "Core Infrastructure Initiative" is looking at it from a more holistic perspective and saying: OK, OpenSSL was in trouble and nobody noticed, what other projects are in the same situation, and how can we prevent what happened to OpenSSL from happening to other projects.<p>Neither way is necessarily "The only right way", or even better than the other way. In fact, both approaches complement each other. OpenBSD fixes the actual current problem child, Linux Foundation is on the hunt for the next problem child.
Holy crap, Microsoft donating to the Linux Foundation. Cats and dogs, living together. It's the end of days for real this time.<p>My one real question: How well has the Linux Foundation managed its money in the past? Are they going to be an effective steward of this fund?
As expected no Apple. I have always been fascinated how Apple gets a lot of developer love and yet is completely absent in most (all?) conference/event sponsorship, initiatives etc.
I hope that OpenSSH developers get some funding too. OpenSSH is clearly a core infrastructure, and they had financial difficulty in the past.<p>Mozilla Foundation once donated 10K USD to OpenSSH after OpenSSH's call for donation. Not many others did.
OpenBSD is great but it has its own agenda. Linux Foundation does have a Linux in it, maybe that tells something.
Plus, LibreSSL can pull in whatever changes future OpenSSL will have. I think it's a win-win for both sides.
I used OpenBSD in the past, but nowadays it's all Linux for everything, from server to desktop to my cellphone.
So to get this straight, the Linux Foundation has responded to OpenSSL problems by creating a web page, a committee and are soliciting dollars from sponsors and grass roots?<p>OpenBSD responds by rolling up sleeves and fixing the problem.
I get the feeling that these companies are throwing money at trying to fix the problems (in other projects besides OpenSSL that are fundamental), and not talent/manpower.
Their web page says OpenSSL group is their first candidate for funding. It's puzzling that they would choose to fund such a corrupt and incompetent organization over LibreSSL, which is actually fixing the code and ultimately is what will actually be used.<p>Or maybe it's not so mysterious, the principal companies involved have a long record of benefiting from OpenSSH and never contributing to that either.
Looks like somebody is trying hard to prevent LibreSSL from becoming widely adopted.<p>> By raising funds at a neutral organization like The Linux Foundation, the industry can effectively give projects the support they need while ensuring that open source projects retain their independence and community-based dynamism.<p>I somehow can't imagine an organization named "Linux Foundation" to give money to OpenBSD and other non-Linux related open source projects.