Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453710
To view parent comment, click here.
To read all comments associated with this story, please click here.
_txf_
Member since:
2008-03-17

Did you actually read what he wrote instead of imagining what he didn't write?

He did not say that open source developers don't get paid. Just that Closed source companies have incentives to improve their code.

Red Hat has incentives to make sure that the code they ship is good. The difference is that the burden on maintaining and fixing the code isn't solely Red Hats responsibility.

A closed source company has sole responsibility for their code, theoretically they should be more paranoid therefore paying people to ship and check good software.

Where Red hat has to build trust and in turn trust the community for the software it supports, the closed source company has to put developers/money on the code to fix/maintain.

Both can be better or worse. in OSS less popular software has fewer eyeballs checking the source, In closed source a company has to put competent people because they can't make up the diversity and volume of eyballs that a OSS project has.

Reply Parent Score: 3

TheGZeus Member since:
2010-05-19

Did you actually read what he wrote instead of imagining what he didn't write?

From the original post: "In open source, nobody has that incentive."

So, back atcha.

Reply Parent Score: 2

_txf_ Member since:
2008-03-17

I suspect that they meant there is no external incentive for anyone to ensure that there is code quality. But In OSS there are people self-incentivised to fix code (often which OSS companies hire to ensure code quality).

I agree that it does read differently from what I put above. But truth is pretty much self evident as there is some high quality secure OSS software around.

Reply Parent Score: 2