Broken Bridge: A discussion of the contributions to OpenSSL

Original address: http://weibo.com/p/1001603807898651234735
After turning to the "invisible comrade" of the interface, many friends and followers forwarded me Horon's critical article, "The distorted open source software and the true history of OpenSSL," and claimed: This is the article that really speaks of open source software. You have to see. In fact, I saw it before it was transferred to me, and replied to the questions mentioned in that article as follows:
1. Open source organizations cannot survive without donations, it is a business model.
The vast majority of open source organizations need donations to survive, and it is a business model based on a group of donors and cultures. Of course, not "all". The authors cite examples of Redhat. This example is not appropriate, it is a small number of technical work of the dealer, its profit is based on tens of thousands of voluntary, non-profit, need to donate Linux and its applications, protocols, driver developers and development groups.
Steve, the head of the 2.OpenSSL Foundation, said they had almost $1 million in business consulting projects (funded by the U.S. Department of Defense and DHS) for up to a year, which was a pretty good situation.
This is a mistranslation, and getting close to 1 million a year is a fact. But this is accidental income, not enough to support the salary of 11 programmers. Not to mention the U.S. Department of Defense and Homeland Security has allocated nearly 1 million a year to them. The original source of information is the Wall Street (Harmony) daily Internet Security relies on Very Few. The title has already explained the problem, I will not say more.
3. "Invisible comrade-in-arms" this article tries to make ordinary Internet users feel guilty about OpenSSL, accusing ordinary users of never paying them, this kind of moral kidnapping. Any user who uses OpenSSL is helping the organization gain market share and gain a greater advantage in the competition, and users have already contributed, whether or not they have made a direct donation to them.
I would like to translate: "Although I use your open source software did not pay any fees, you did not push me any ads, but as long as the use of your free software, I have contributed to you, because you gain market share AH." "Oh ah, I reserve the opinion of this." Because debating this is boring.
4. Why is OpenSSL receiving only $ thousands of a year for this project? The answer is simple, because they have never had a fundraising campaign. ...... Wikipedia has a fixed period of time each year, will be placed on the site very obvious funding announcements, set the annual budget goals, let everyone donate. When the amount is reached, the donation stops and no longer accepts more. Almost all open source organizations will raise donations in this way.
Like other open source organizations, fundraising announcements have been posted on the OpenSSL homepage. I don't know what I mean by "no fundraising activities". Wikipedia is a very bad example, because Wikipedia itself is a huge traffic channel, and almost no open source software can have a similar channel to fund-raising. If the author wants to say "not able to engage in fundraising activities", or "not able to raise money", and his criticism of "not raise money" is not a meaning, synonymous with repetition.
5. For the OpenSSL project, it is easy to raise funds, they only need to send a notice of fund-raising, the money of major enterprises can be immediately available.
The brain is big. Man, Steve's not a fool. Good, if a notice can collect money, you do not do.
6. The invisible Warrior says that the code of the grassroots programmers is "disgusting", in fact, Theo de Raadt, who is the founder of the OpenBSD project, is not a "grassroots programmer," but one of the best computer scientists in the field of operating systems.
"Grass-roots programmer" refers to "low-level coder", does not mean the poor level of the primary code farmers. The original text never said that OpenSSL's code is not bad.
7. This project is not a matter of money at all, but a matter of management style and community culture. Compared to other projects, it is even more frustrating to have a full-time developer and chairman of a full-time foundation who can respond so slowly. ...... In addition, the process of releasing a "heart Bleed" vulnerability in OpenSSL is also problematic.
These paragraphs say that OpenSSL is primarily a "management problem", not a "money problem". In fact, please good management staff to ask for money. Some programmers may be natural managers, but this is rare.
The above is my criticism of this article. But I think the gist of this article is good. Repeat:
As a media, you should not just use feelings to render some cases, better articles are focused on the entire industry. Nor should the other more important contributors be overlooked, producing "a small Chinese company that has saved the world's Internet" from the wrong reading effect.
As a donor, you should have a basic understanding of the projects you donate, use your precious resources with caution, and don't walk behind the media. Get the best configuration for your resources.
So I think this article is valuable. To provide links to you: http://www.tmtpost.com/194221.html