On February 23, 2004 05:57 pm, Chris Brook wrote: > I suspect that there will shortly be plenty of interest, at least on > the U.S. side, as the US Gov and DoD in particular are pushing hard > into the world of PKI. That means compliance testing of all the path > processing stuff which of course includes the policies and constraints > aforementioned. So if you are feeling motivated....... > Chris [snip]
Speaking as a developer who is already gainfully employed and not particularly implicated in the X509/PXIX side of things, I can with relative impunity (IMHO) pass the following commentary; If this really is important, what organisations would fund the work? I ask simply because I know that despite the best efforts of some to find the time and energy to work on worthwhile development, maintenance, porting, testing, documentation, [etc], there would certainly be more time and less stress if some of the commercial interests who benefit from this project were prepared to step forward and offer some assistance to it. W.r.t. the case in question, I can assure any commercially interested parties that financially minor gestures on your part to identify appropriate persons, sponsor and mobilise development work, and generally "get involved" on these initiatives would yield major progress. For my part, I'm pretty fortunate - even though my professional responsibilities do not permit me to work on openssl nearly as much as I'd like. Like everyone else I do what little I can, whenever I can. However, some other developers who would gladly dedicate time to constructive openssl development are not just scratching together time and motivation amidst other activities, they are in fact precariously balancing such efforts against the search for employment, contracting, or sponsorship. I am sure I am not just speaking for "recognised" openssl developers either. When a project is increasingly kept alive by such limited and occasionally desperate efforts, yet continues to form a structurally critical foundation to so many large commercial infrustructures (and now, presumably, commercial products with aspirations to winning government contracts), a few bean-counters in a few companies should be asking themselves some fairly searching questions. Every microsecond of every day, businesses around the world depend in a financially impressive way (perhaps without knowing it) on the correct functioning of openssl and on a coordinated and responsive project behind it to address any issues. Yet the number of companies who have approached this project with enquiries of how they might help/contribute to its well-being could be counted on the fingers of one foot. Bleat over - and back to my paid (and only passingly openssl-related) employment. Best of luck to those developers who'd like nothing more than to just improve the code without worrying about basic livelihood issues. And even more luck to the companies and organisms who ungenerously base their operations on the goodwill and dwindling resources of unpaid experts. Regards, Geoff PS: Chris, this isn't addressed at you at all - your observation is perfectly valid. This post had been brewing for a while, you just reminded me to go ahead and bleat it. -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
