科技回声

9 条评论

computer大约 11 年前

> "IBM, Microsoft, Facebook, Google, others pledge $3.6 million to fund OpenSSL (arstechnica.com)"The title of this submission is incorrect. The funding goes to the general fund, not specifically to OpenSSL.Here's the press release this article is based on:<a href="http://www.linuxfoundation.org/news-media/announcements/2014/04/amazon-web-services-cisco-dell-facebook-fujitsu-google-ibm-intel" rel="nofollow">http://www.linuxfoundation.org/news-media/announcements/2014...</a>And here's the actual initiative:<a href="http://www.linuxfoundation.org/programs/core-infrastructure-initiative" rel="nofollow">http://www.linuxfoundation.org/programs/core-infrastructure-...</a>Discussed here:<a href="https://news.ycombinator.com/item?id=7639835" rel="nofollow">https://news.ycombinator.com/item?id=7639835</a>

评论 #7641100 未加载

评论 #7641098 未加载

zdw大约 11 年前

If they funded OpenBSD's project portfolio (including LibreSSL), they'd get a heck of a lot more out of it for their money.

评论 #7640009 未加载

评论 #7640179 未加载

romanovcode大约 11 年前

OpenSSL source code is a disaster. It's spaghetti that doesn't do what you think it does with horrible documentation. People submit patches from people they don't even know and then you have it: An SSL library that is flawed but everyone is using it. An spying agency and hackers dream.We don't need OpenSSL, we need another library built from scratch with very clean code and documentation.Everyone who has more interest on why OpenSSL is a catastrophe should watch operation ORCHESTRA[0].[0] <a href="https://www.youtube.com/watch?v=fwcl17Q0bpk" rel="nofollow">https://www.youtube.com/watch?v=fwcl17Q0bpk</a>

评论 #7640662 未加载

评论 #7640862 未加载

midas007大约 11 年前

This comes off as a few companies trying to throw money at a rotten crypto lib, when only leadership like Theo's way (minimalism, dropping features) would have a prayer of rescuing it. So giving OpenSSL more money doesn't make sense, it's like rewarding failure because they've shown an inability to produce good code or maintain it well... More money won't help that, likely the opposite. Instead, TLS WG needs to get their act together and reduce their addiction to feature creep, release a reference library and comprehensive test suite. Then OpenSSL might have a chance after picking up a compass and a map and get back to some semblance of being a decent crypto lib, but more money is unlikely to solve this issue.

mikecb大约 11 年前

This, along with Google and others devoting employees like Neel Mehta to it should go a long way.

Nanzikambe大约 11 年前

They're throwing good money after bad pretty much. IMO they should fund LibreSSL + OpenBSD + OpenSSH, bound to get more bang for buck.

prohor大约 11 年前

WOW! Never thought there is just one person devoted to a library that we rely to bring security to us all. Community is great but still some more dedication is needed in parts which are essential for security. Glad to see that some took it seriously.

pyvpx大约 11 年前

how about they each chip in $10K each year for OpenSSH?

评论 #7640521 未加载

leccine大约 11 年前

Wow, with this money they could just rewrite that thing and get the source audited and tested.