Thursday, April 24, 2014

Updated: Heartbleed bug forces OpenBSD to fork OpenSSL

Here's an article on Ars Technica about Theo de Raadt, the OpenBSD founder, creating a fork of OpenSSL.

Well, I guess they have good reasons: OpenSSL supports ancient stuff like VMS and the Win32 API, the US Govt ticks them off (so pulling the FIPS module sends an interesting message), and above all, the code was in dire need of a major makeover.

After all, the number of SSL libraries is pretty small, and OpenSSL is both standard in Linux distros and FIPS-validated, so it has kind of become the standard for developers, both inside and outside the DoD.

It does seriously annoy me that Cisco, Apple, Lockheed, GD, and other companies that make more money than most countries haven't given money to the OpenSSL foundation, but I honestly don't think forking it is best.

OTOH, maybe the DoD can ignore the fork (as most of us should do anyway in the short term - SGGRC), and make sure the OpenSSL foundation gets the funding it deserves.

Perry

Update: Again from Ars Technica: the Linux Foundation wants to change that. The foundation today is announcing a three-year initiative with at least $3.9 million to help under-funded open source projects, with OpenSSL coming first. Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at least $100,000 a year for at least three years to the "Core Infrastructure Initiative," Linux Foundation Executive Director Jim Zemlin told Ars.