
posted by martyb on Thursday April 24 2014, @04:50PM   Printer-friendly

It's often said that "you get what you pay for", but when it comes to free software, this doesn't apply. You often get a lot more. However, you do get what someone pays for. Software development takes time and money, and without substantial donations, sponsorship, etc., a free-software project will be limited to what volunteers can achieve in their own time.

According to an article in Ars Technica, the security software OpenSSL has one full-time employee and receives about $2000 a year in donations. It's therefore not surprising that bugs aren't always caught before they cause problems.

Based on the recent, and serious, "heartbleed" bug, this state of affairs needs to change and, according to that same article, is about to change. The Linux Foundation is launching the Core Infrastructure Initiative with some decent financial backing. "Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at least $100,000 a year for at least three years".

OpenSSL will not be the only project to receive a share of this money, but it was the inspiration for the initiative and will be the first under consideration. The funding will "not come with strings attached", according to Linux Foundation Executive Director Jim Zemlin.

One could argue it's much cheaper to support something like OpenSSL than to clean up the mess when a small and underfunded team fails to catch important bugs in a timely manner.

Which other projects would be cheaper in the long run (for all concerned) if they received more financial support?

  • (Score: 5, Interesting) by frojack on Thursday April 24 2014, @05:13PM

    by frojack (1554) on Thursday April 24 2014, @05:13PM (#35671) Journal

    True, but his code should have been checked by peers. That didn't happen.

    Theo de Raadt of OPENBSD has already taken it upon himself to clean up OpenSSL and has stated he doesn't expect to need much help. I can't think of a better bunch to handle this, and would trust his fork more than the original. OpenBSD are security fanatics. [zdnet.com]

    While I do believe that there needs to be more support for these critical projects, I'm not sure about throwing it into the hands of a new group.

    Of course, I have no problem with having a couple competing stacks available to choose from.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 2) by edIII on Thursday April 24 2014, @06:38PM

    by edIII (791) on Thursday April 24 2014, @06:38PM (#35718)

    What pisses me off is that there is at least the possibility that money might have solved the issue with a new hire. Just one more guy reviewing the contributions and managing things with a different set of eyes.

    Just throwing money at it can be simplistic, but I've suggested to clients and people benefiting from FOSS to give a donation. I had one client where it literally became his backbone for his major service, and he couldn't be bothered because it was free in the first place.

    As for myself, I've given donations here and there, but maybe we can all do a little more. FOSS is pretty damn important, even if only for competition in the marketplace.

    I've heard about OpenSSL for years but never donated. I think if even 10% of the user base donated $1 it would be a lot higher than $2000 per year. That one guy must be retired or rich because $2000 doesn't go a long way.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 3, Interesting) by frojack on Thursday April 24 2014, @07:17PM

      by frojack (1554) on Thursday April 24 2014, @07:17PM (#35730) Journal

      Well what you say is true, but the problem is that Linux is made up of literally hundreds of projects, and donating to all of them becomes a nightmare.

      So I donate to those projects where I have been helped by the developers personally, rather than indiscriminately throwing donations to nebulous groups.

      Excretion: For many years I always bought boxed sets of my favorite Linux distro (opensuse), just to support them. However, it turns out they actually receive little if any of these funds. The Linux Foundation seems rather guarded as to what they do with funds.

      It's pretty hard, in many cases, to even find out HOW to donate to projects. Things like KDE seem mostly interested in donations of hardware (real or virtual), bandwidth, and also in having companies employing developers and keeping them on the payroll but not demanding much of their time for company work.

      --
      No, you are mistaken. I've always had this sig.