[Cryptography] Cue the blamestorming
Theodore Ts'o
tytso at mit.edu
Fri Apr 18 07:52:25 EDT 2014
On Fri, Apr 18, 2014 at 01:12:06AM +0100, ianG wrote:
>
> Right now the dev team faces a dual pincer movement. The volunteers are
> too scared to make the radical changes that are needed to keep up with
> developments, and the businesses out there are busily strip-mining the
> team for developers. This ensuring no independence and a facade of open
> source, as we've seen with other notable corporate-controlled programs.
It would be nice if we could start instituting an industry standard
that when a company hires a "core" developer for an open source
project, they get to spend 50% of their time working on "community
stuff". That way, in addition to adding features that their company
wants (i.e., smart cards, GOST algorithms so they can sell into the
Russian market, yadda yadda yadda), there is also some time that
people can spend doing the necessary code cleanup that a company might
not otherwise be willing to invest engineering resources to do.
I negotiated such a deal when I joined Google, and the Samsung Open
Source folks have made that a general policy, since they're trying to
rapidly build up a team of senior open source folks. So there
precedence for something like this; the trick is to see if we can get
this to be more widely adopted, and turn it into an expectation that
the open source leaders of various projects, whether they be crypto or
security related or not, have when it comes time to hiring
negotiations.
Cheers,
- Ted
More information about the cryptography
mailing list