Dear Gentlemen,
I am taking this conversation not from the beginning, as it seems to be
now quite long.
Of course I understand various moral aspects of the discussion, no doubt
about that.
But I really think that Openssl acts as a kind of apolotical foundation,
and NOT as an association.
The difference is important :
in an association, the openssl organization WOULD REQUIRE some
constraints on its MEMBERS.
But acting as a foundation, this discussion is OUT OF SCOPE.
An example from the true life :
do you think that UNESCO or RED CROSS or RED CROISSANT do refuse money
from this or this country depending on its political orientation ?
On the contrary, as any non lucrative POLITICALLY NEUTRAL international
institution, openssl MAY ACT as a meeting point between parties,
contributors, that are basically far from each other...And somehow, it
is a GOOD thing if it helps people from different cultures to cooperate
and lower their level of distrust..
On the forums, I can see here many people from various countries ....
On another hand, I can often see some obvious hackers from POLITICALLY
CORRECT countries that just try to know how to create backdoors in systems :
So, what will "we" do : refuse some good people (and/or their money)
from not politically correct countries,
and accept bad people (and/or money) from politically correct countries ?
Absurd.
Absurd in fact in the sense that THE SAME way we CANNOT state on the
morality of INDIVIDUALS participating on the forums,
we can not, or at least we should not state on State or people from some
States ...morality.
I can hear some of you be hurt by this...but let me finish.
Then, if we accept money from everywhere AS WE ALREADY accept forum or
code contributions from EVERYWHERE,
there remains the problem of "publicity" ...
Well, this is simple : we SHOULD NOT MAKE ANY PUBLICITY for the donations.
I was thinking about an exception for individuals or some entreprises,
but forget it : at a time or another one individual or entreprise will
make us uncomfortable.
That way, we will see if there are donators interested in "open source
movement and code/knowledge sharing" for the progress of humankind,
or just by publicity....
BUT : you will FAIL if you think you CAN state about the morality or
honesty from that person/state or that other :
Will you one day try to investigate to know if that individual has paid
all his taxes in his country ?
No, you will not.
So :
Take the money without any publicity.
But...the 1st question is in fact ....: do you need money ?
If yes....take it and say nothing ; as UNESCO or RED CROSS/CROISSANT.
Another question anyway, from a basic contributor as I am (involved in
WCE port of openssl) :
How do I know that the foundation is really independant from States or
"BIG companies" (that are sometimes not really politically correct)...?
Maybe the list of contributors and amounts should be published annually
on some webpage in a "neutral" form,
WITHOUT any "golden" or "platine" award...
A good compromise I think...
Yours sincerely,
Pierre Delaage
Le 30/05/2014 22:22, Jakob Bohm a écrit :
On 5/30/2014 12:24 AM, Geoffrey Thorpe wrote:
...
The only way to to avoid any political overtones in such a situation (if
that really is your intention, because "doing the right thing" is not an
apolitical notion) is to blindly accept all comers or refuse all comers.
(Subject to the obvious outliers, ie. nothing criminal/illegal, no
conflict of interest, etc.) By erecting criteria beyond "no strings
attached" (which *is* a very explicit necessary condition), you are in
fact condemning yourself to the problem you are chastising us for.
I believe the additional criteria suggested would be "donor is not an
aspect of any government, military or intelligence organization,
anywhere". So for example DARPA, the USPS, the city of Munich and (a
few years ago) Northern Rock Bank would all be out of the question,
while IBM, Google, Samsung and Goldman Sachs would be OK.
Any intermediary organization would need to do more than just launder
the money. They would need to pool it with many other donations,
distribute to many other projects and give the donors no influence on
which projects benefit from their donations, thus obviously and
provably denying the donors even the appearance of a potential ability
to threaten to reward or punish a project via the purse strings.
Enjoy
Jakob
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
