On 5/30/2014 11:03 PM, Geoffrey Thorpe wrote:
Oh I see.

OK == arbitrary private institutions with no representative or
ideological constraints other than the limit of the law. (And even then...)

More importantly: With an obvious self-interest in protecting themselves
against wiretapping rather than performing it.


Not OK == institutions that are (in theory at least) representative of
nations/countries/states and that are (in theory at least) accountable
to their people.


Under the no-Gov/Intelligence agency funding rule, not under all rules.

Governments, whatever their form, have the daily responsibility of
protecting a territory and its population against specific threats
(such as criminals and enemy armies), which makes it necessary for
them to employ and work closely with professional investigators of
some kind, with the explicit capability of wiretapping the "bad"
people as a daily need of those investigators.  Therefore
governments, by their very nature, will have a fundamental desire
to limit the anti-wiretapping technology available to their enemies
(and, by unfortunate necessity, the worldwide general public).

Most (not all) private institutions, whatever their other failures,
do not have this property, since they tend to rely on governments
to hunt down criminals, focus more on direct protection (such as
encrypting their own communications), and may from time to time
have something they want to hide from governments, including their
own.

There are of course some wholly private entities that do resort to
wiretapping etc., or have some other fundamental anti-security
interests.

In other words, governments are the natural home of the necessary
evil of spying on bad people, hence they are unlikely to be aligned
with the interests of a worldwide public crypto project.

And of course;

  * It's straightforward to ensure that there is no blur between those
    categories.

Well the bigger the contribution, the less the tolerance for shades of
Gov/Spies.  So at the Platinum level, a company with a significant
government ownership would be problematic.

  * This categorisation is essential to the mission of any open source
    crypto project.

Well OpenSSL / SSLeay was specifically created to avoid the largest
government restriction of its day (US export limit of 40 bit strength).

  * Supranational corporations are the only way to be sure that the
    motives are altruistic and impartial.
      o On the strict condition that such a private institution has no
        dealings with the public sector, otherwise they're ipso facto
        subversive.


No, that is taking it to the absurd level of self-contradiction.


Is that what you're trying to say, more or less?

If so, I must have gotten lost somewhere along the way. Or perhaps
you're channeling Sarah Palin? Those seem like the sort of things she
might say.


Not siding with (Ex?) Gov. Palin or any other specific political side
in this.  I am not against governments (and their spies) in general,
just noting that OpenSSL is not a place I want them to meddle.

If you think there is no reasonable potential for political or nefarious
behaviour in the corporate culture then nothing I can say is likely to
change your mind. But you might want to read up a bit on Goldman Sachs
(and many others) before drawing too many favourable comparisons between
them and, say, elected bodies. (Though who am I to judge? If Goldman
Sachs want to contribute to open source too, they will get no argument
from me.)


At least two of the company examples were specifically chosen for known
nefarious actions not linked to Gov/Spies, to emphasize the point that
there might/should be other rules against some classes of donors.  As a
matter of neutrality, I am not saying which company examples.

Thanks for making your opinion known, in any case.

Cheers,
Geoff



On Fri, May 30, 2014 at 4:22 PM, Jakob Bohm <jb-open...@wisemo.com
<mailto:jb-open...@wisemo.com>> wrote:

    On 5/30/2014 12:24 AM, Geoffrey Thorpe wrote:

        ...


        The only way to avoid any political overtones in such a situation
        (if that really is your intention, because "doing the right thing"
        is not an apolitical notion) is to blindly accept all comers or
        refuse all comers. (Subject to the obvious outliers, i.e. nothing
        criminal/illegal, no conflict of interest, etc.) By erecting
        criteria beyond "no strings attached" (which *is* a very explicit
        necessary condition), you are in fact condemning yourself to the
        problem you are chastising us for.


    I believe the additional criteria suggested would be "donor is not an
    aspect of any government, military or intelligence organization,
    anywhere".  So for example DARPA, the USPS, the city of Munich and (a
    few years ago) Northern Rock Bank would all be out of the question,
    while IBM, Google, Samsung and Goldman Sachs would be OK.

    Any intermediary organization would need to do more than just launder
    the money.  They would need to pool it with many other donations,
    distribute to many other projects and give the donors no influence on
    which projects benefit from their donations, thus obviously and
    provably denying the donors even the appearance of a potential ability
    to threaten to reward or punish a project via the purse strings.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
