[talk] funding news

[John Baldwin]

On Friday, May 30, 2014 7:21:02 am James E Keenan wrote:
> On 5/29/14 10:19 PM, George Rosamond wrote:
> 
> >
> > The OpenSSL funding argument makes no sense... the problem seemed to be
> > lack of focus and trajectory of dev, not money.
> >
> 
> Which, of course, it shares with almost any dev project, open source or not.

One other takeaway I had from Beck's talk at BSDCan was that the actual crypto 
code itself in OpenSSL was ok.  It was the bits around the crypto that are 
hairy.  This isn't all that surprising if you think about it.  If you take a 
bunch of specialists at X and have them build a package to do X, the bits 
specifically for X will probably be sane.  It's all the other things that get 
you into trouble, and engineers can be a bit prone to thinking that if they 
are good at X they are also good at Y.  One can guard against that by trying 
to make packages simple and tightly focused ("Do one thing and do it well"), 
but it's often not easy ("do I write my own logging/tracing thing for 
debugging or use devel/glog?", etc.)

Of course, trying to go the devel/glog approach can lead to another problem I 
see where you end up with a bunch of tiny packages that aren't quite 
orthogonal, so package A pulls feature X from B and Y from C (except B also 
contains an implementation of Y, just not as good as C's in the mind of the 
author of A, etc.).  The end result is a mess with layers upon layers that is 
so complex and convoluted that no one can possibly understand the entire call 
stack.  At least, this is what runs through my mind everytime I rebuild KDE 
from ports.  It's depressing how many different MP3 decoders (or software 
audio mixers, etc.) get pulled in during that. :(

-- 
John Baldwin