If it's worth spending a dollar to audit software, it's worth spending a dollar to keep that project alive and show the developer you care. I think one way would be to match every single audit donation with a donation to the upstream developers. How can we ensure security in open-source software without driving the developers away in the future? If you were the developer of a project that you knew was solid, and you knew had no backdoors, how would you feel about people essentially maligning you being able to generate more cash than you've ever seen for your side project? That'd make me want to quit too. At the end of the day, which is preferable - a TrueCrypt that was never audited professionally, or a TrueCrypt with active developers? Funding this audit required ~$65k in donations, probably more than the TrueCrypt project ever saw. The TrueCrypt developers supposedly left because it wasn't interesting/fun for them anymore. I think the interesting lesson from this is less about crypto, more about free-software projects and how to grow them.