Search Mailing List Archives
[liberationtech] About "Confide"
jancsika at yahoo.com
Sat Apr 26 19:54:10 PDT 2014
On 04/26/2014 09:33 PM, Shava Nerad wrote:
> Security software isn't like a lot of open source projects. Generally
> there have to be narrowly controlled commits, well reviewed. Those
> people are experts who may have a lot of other demands on their time
> that are far far more monetarily rewarding if the project is
> un(der)funded. So they are rare altruists, and we often burn out our
> I am not trying to compare these projects to closed source projects. I
> am trying to compare them to FOSS hubris.
> The idea that we have, that the NGO sector has, that there is inherent
> virtue in poverty and inherent evil in gaining enough resources to be
> well resourced for the work available.
> We need to get over that aspect of this whole thing. Ideally, in my
> opinion, we need well organized well resourced groups with less
> politics and less fashion-driven ideals. I have no problem with free
> software and open source -- I have worked with a number of projects
> over the years in various roles. I was the original publicist for FSF.
> But if we always are comparing ourselves to closed source projects,
> then we are not able to own either our own native strengths or the
> vulnerabilities in our own working culture. We glorify doing more
> with less to an excess. It's not always appropriate, in extremis, for
> every project.
> Security projects are at a huge disadvantage in an environment of
> impoverished resources. Any one of you should be able to run that
> risk analysis. Open or closed, under-resourced projects will be at
> greater risk. Period.
> We should evaluate how the environment around a project -- funding,
> development, research attention, use in greater communities -- leaves
> it more or less prone to exploit attention being more likely than
> community maintenance.
> Because at root (pun possibly intended), some of the balance may be
> coming down to the size of the pool of hackers focused on the code
> with either intent.
> It's a buyer's market out there. I don't make the news. But it does
> make me ponder.
> This seems like a hard problem, to me. Tell me, what is it that I
So in a nutshell you want to focus on the word _insufficient_ in the
sentence, "Free software is a necessary but insufficient prerequisite
for secure software." If that's the upshot then I understand and agree
with your focus.
More information about the liberationtech