It’s nice to finally see some serious funding go to supporting OpenSSH after 10 years of network vendors integrating OpenSSH but not contributing any funding.
It’s sort of amusing that OpenBSD has both an OpenSSL fork and an NTP daemon, though CII is funding the “legacy” implementations of both.
That was my reaction as well. It’s going to be interesting to see if LibreSSL eventually overtakes OpenSSL as the default SSL library in free *nix systems.
Probably worth mentioning that the work on libressl has had more than 2 developers. They’ve not been full time, but in the weeks since the incident the openbsd team has fixed many many bugs in openssl and improved the code greatly so that the next round of eyes that read it will be more inclined to fix it.
It’ll be interesting to see if the two developers who will be paidc to develop OpenSSL will be porting LibreSSL’s fixes; if they do, then the Linux foundation should definitely be providing the OpenBSD foundation funding for the work they’ve done.
On a side note, I was a little surprised to see that Google were listed as a significant contributer to the OpenBSD project. Good on them.