Here's an article on Ars Technica about
Theo de Raadt, the OpenBSD founder, creating a fork of OpenSSD
Well I guess they have good reasons, Open SSL supports ancient stuff like VMS and Windows32 API, and the US Govt ticks them off, so pulling FIPS sends an interesting message, and above all, the code was in dire need of a major makeover.
After all, the number of SSL libraries is pretty small, and OpenSSL is both standard in Linux distros and is FIPS, so it's kind of become the standard for developers, both inside and outside the DoD.
It does seriously annoy me that Cisco, Apple, Lockheed, GD, and other companies that make more money than most countries haven't given money to the OpenSSL foundation, but I honestly don't think forking it is best.
OTOH, maybe the DoD can ignore the fork, (
as most of should do anyway in the short term - SGGRC) , and make sure the
OpenSSL foundation gets the
funding it deserves.
Perry
Update:
Again from ARS Linux Foundation wants to change that. The foundation today is
announcing a three-year initiative with at least $3.9 million to help
under-funded open source projects—with OpenSSL coming first. Amazon Web
Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft,
NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at
least $100,000 a year for at least three years to the “Core
Infrastructure Initiative,” Linux Foundation Executive Director Jim
Zemlin told Ars.
