> Ok, guys, let me point out a harsh reality here. As noted in an earlier > comment, FIPS 140-2 validation doesn't mesh all that well with the open > source world. > > Validation testing is expensive. The direct costs alone -- to pay the > test lab, for CMVP fees, for hardware and/or test lab travel expenses -- > can easily approach US$50,000 for a single validation. That's not > including a single dime for the hundreds of hours of labor by OpenSSL > and OSSI participants. > > So, each validation requires financial sponsorship. The financial > sponsors are all interested in helping to support open source in general > (otherwise they'd just do a "private label" validation for less cost and > hassle), but they do have specific requirements and deadlines. They are > paying the bill so their needs are the first priority for our efforts > and attention. If you want that same level of attention then feel free > to pony up (John Weathersby, [EMAIL PROTECTED], 601-427-0152 is the > man to call).
> I have a full time on-site day job, for clients who pay me on a regular > basis. They get my attention during the day. I also work evenings and > weekends for nil to minimal sporadic compensation, the same is true for > Steve Henson and the other OpenSSL team members who have done all the > heavy lifting with the source code. Anything that's left over I'm happy > to devote to the OpenSSL user community at large. Unfortunately, > there's just not much of me left over :-) > > Anyone who wants to volunteer their time to help out, please drop me a > line. Depending on your talents and level of commitment there's > probably some way you can contribute, on future validations if not this > one. Let me warn you first that the work is tedious, boring, > frustrating, and mind-bendingly surrealistic. There is a long "you're > kidding, right?" and "WTF?" learning curve... We're a paying OSS member (or at least we were, not sure if we were invoiced for a renewal this year). Also, we have made a financial contribution directly to Dr Steven Henson because of his efforts, we understand he is poorly compensated for all that he does. We're trying to help, but nothing more has been asked of us, we'd also like to contribute on a development or at least QA level as well, I just don't understand why this has been taken negatively. Thanks. -Brad ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
