On Mon, Dec 28, 1998, Mark Shuttleworth wrote:
> Before we get further into the debate, perhaps someone on the OpenSSL
> team, Mark Cox, Ralf Engelschall or Paul Sutton could clarify the
> following:
>
> 1. Who will take decisions on release objectives, code inclusion,
> feature sets, architecture, release timing and so forth? In the case of
> Linux we have Linus, in the case of Apache we have a broad group with no
> immediate commercial incentives. All three of you are effectively
> responsible for Stronghold, which is C2Net's primary product, so there
> could potentially be a conflict of interest.
All three? You mean two, because I'm not responsible for Stronghold (I'm a
totally independent pure private hacker and not under contract with C2Net).
> 2. Will all code, discussions, technical debates and patches be
> public, or only actual releases?
Yes, anything will be public: All discussions which will take place on
[EMAIL PROTECTED] (the developer list for technical debates and patches)
and [EMAIL PROTECTED] (the user support mailing list) are public;
everyone can subscribe to this list (and subscribers also can post). All code
changes are also public because every commit to the CVS repository occurs on
[EMAIL PROTECTED] And even the CVS repository itself will be
24h/day available via RSYNC and perhaps even with Anonymous-CVS (when I find
time).
> 3. If other well-established individuals joined the team would they
> get equal say and access? For example, Ben Laurie and Stephen Henson
> have both done a lot of work with SSLeay.
First, everyone can contribute by sending patches and will be credited for
this (there will be an explicit CREDITS file as for mod_ssl), the same way it
works for Apache. Second, individuals who contribute more can receive core
team status and this way have the same rights (voting) and access (shell
account on dev.openssl.org, CVS read/write access, etc.) as the existing
members (as it works for the Apache Group).
Although still not publically known, actually Ben and Stephen already received
this status because we're already agreed to merge the efforts into a single
project. Ben will send an announcement with more details the next days.
> 4. What effort is being made to ensure that "OpenSSL" does not turn
> into "C2Net SSL"?
That's simple: The whole environment is provided by me on my private machines
and I'm not under contract of C2Net or any other involved company (OpenSSL is
hosted on the same machine as other Open Source projects like mod_ssl, WML,
ePerl, etc. and is located in Zurich, Switzerland). The only relationship
between OpenSSL and C2Net is that first C2Net contributed the initial code
base (i.e. SSLeay 0.9.1b) and second, two developers of OpenSSL are employees
of C2Net. Nothing more and nothing less.
>[...]
> Personally, I think we need a strong established person to act as the
> "Linus", deciding what goes in and what does not. We also need people
> like Mark Cox and Ralf, who use the SSL toolkit heavily, submitting
> regular patches and ideas. The coordinator needs to be independent and
> fair, and well-known. I think Ben qualifies perfectly. Mark, Paul and
> Ralf are certainly capable of doing it, but I would be concerned that
> the project would struggle to keep its credibility as an "open" effort
> given their close links to C2Net and Stronghold, and given the tone of
> the recent announcement.
Currently I act as the coordinator because I'm currently establishing the
OpenSSL development environment. But because with Ben and Stephen the OpenSSL
project now has five people, it's a really fair team. And so the "C2Net is
controlling OpenSSL" is really not the case. And because from these people I'm
the only individual who is totally independent of any commercial stuff or
companies (I'm still at University and work only for a not-related ISP from
time to time) it's also ok when I act as the coordinator.
But remember, what goes into the code and what not depends not on the
coordinator. That depends on _ALL_ developers and their voting, of course. The
coordinator just keeps the environment running, pushed the members to do
something (especially releases ;-), etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
