Paul Sutton (paul@c2.net)
Mon, 28 Dec 1998 14:20:38 +0000 (GMT)
On Thu, 24 Dec 1998, Rodent of Unusual Size wrote:
> I'm sorry, folks, but this sounds more like self-interest than
> public interest to me. 'We do SSL for a living, so we're in charge.'
There is I am sure an element of self-interest in almost everyones
contribution to an open source project. Whether that self-interest is "to
use this to make money" or "to learn good programming and communication
skills" or "to gain ackowledgement and respect of my peers" is rather
beside the point: the point is that provided that self-interest in
_compatible_ with the public interest, everyone wins.
In this particular case, I think it is in the self-interest of a range of
companies and individuals that there is an on-going development of SSLeay.
And of course that includes C2. But you suggest that this is incompatible
with public interest, which is a statement that interests me. There are
lots of companies which have their own commercial implementations of SSL.
Are these companies better at working with free software than C2 simply
because they don't bother? Is it not better to encourage companies to work
with free software development efforts, because that results in better and
more acceptable free software?
> Not so much protecting the SSLeay package and technology, but
> the investment made in it. Perhaps that's not the intent, even
> behind the scenes, but that's certainly how it comes across to me.
> Wanting to wait to announce until they 'had a release finished
> with some significant added functionality' supports this impression.
I guess there is always a trade off between announcement something prior
to having anything concrete to show, and announcing once something is
ready. The advantage of the former is you get to appear to be the first
and most committed, but the disadvantage is that you have no substance to
back-up your claims. The advantage to the latter is you annoucement
something that is available straight away for users, but the disadvantage
is that in the meantime someone else might take the first approach. Is the
former better? I guess in your opinion it is, but I am not convinced that
it is as simple as saying that the first person to announce something must
be the best person to continue it.
> I also find it troubling that C2Net has (or intends to) switch to
> mod_ssl for the SSL portion of Stronghold. That certainly sounds
> like a conflict of interest for Ralf/C2Net to me.
If C2 uses any code it is under the terms and conditions of the license
for that code. mod_ssl has a clear license. Why would there be a conflict
of interests here?
> Unless someone backs down (and IMO it should be C2Net et al.
> due to Ben's prior announcement), I think this effort is doomed
I'm not convinced that being "first" is necessarily the most important
factor in deciding a proper strategy.
> to be plagued by bickering and divisiveness, and the stated
> intent -- preserving and enhancing SSLeay -- will actually
> suffer rather than be properly fulfilled.
That is true. But remember that it was Ben who appears to have serious
problems with Sameer and/or C2, which could affect how he deals with the
situation. It certainly led him to make various serious but unfounded
allegations on this public former: that sort of thing is unlikely to help.
Paul
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:39