project sets the standard for
security in free operating systems. More than with any other project, the
OpenBSD hackers work at tracking down potential security problems before
they affect users. This work has earned OpenBSD a well-deserved reputation
for being hard to break.
A recent posting to the openbsd-misc mailing
list has raised a non-technical issue: it seems that OpenBSD's finances
are not as solid as its software. The project has been running at a
$20,000 (US) annual deficit for the last couple of years, with no relief in
sight. The problem, it is said, is that OpenBSD users have stopped buying
CDs; instead, they content themselves with grabbing a copy from a network
server for free. The sales of CDs and related items are a major source of
money for the project; if CD sales do not live up to expectations, income
will fall short.
LWN asked the OpenBSD project if there was any sort of public information
on the group's budget and how it is spent. Unfortunately, it seems that
there is no such information. From looking at what information is
available, it appears that the biggest single expense is the occasional
"hackathons" - coding-intensive developer meetings - run by the project.
Beyond that, there are the usual costs for Internet service, equipment, and
so on. It appears that very little of OpenBSD's budget goes toward paying
salaries to developers.
To support its activities, OpenBSD would like to bring in about $100,000
per year. Donations recently have been a very small fraction of that,
however. What the OpenBSD folks are saying now is: something has to
change, or the project will be unable to continue at its current level of
activity in the future.
Every free software project must support its work somehow. For small
projects, that support may consist of no more than the occasional donation
of development time by an interested hacker or two. Larger projects
require more, however, in the way of infrastructure and developer time. So
most projects, once they achieve a certain level of success, have to find a
revenue stream from somewhere.
That, often, is when the core developers try to form a business around
the project. It may just be a matter of lining up some consulting work to
pay for the continued development and maintenance of the code, or there
may be a more advanced business plan involved. Sometimes projects are able
to obtain sponsors which have some interest in the project's success;
witness Google's support of the Mozilla Foundation, for example. Sometimes
developers will be hired by a company to work on free code; many Linux kernel
hackers make their living in that way.
It is a rare project, however, which is able to get very far with sales of
CDs and donations. There is little motivation for anybody with a broadband
network connection to order CDs; a simple download gets more current
software more quickly. This is why Linux distributors have been moving
away from CD sales as a business model for years - and those which haven't
are wishing they had. The OpenBSD project is simply discovering the same
thing others have found out: the value of a CD is quite low. Anybody who
is in the business of selling CDs full of free software is in a commodity
business, and one which is in competition with its own customers at that.
There is no other business of any consequence built around OpenBSD,
however. There are few products which incorporate OpenBSD, and few
high-profile network-based services which use it. While OpenBSD does not
lack for users, it seems there are relatively few who see a business
interest in supporting its development. It must be said that the abrasive
nature of OpenBSD's leadership cannot be helping in this regard.
The same posting hints at one approach for generating some cash:
[What] a lot of people don't seem to realize is that OpenSSH
development is paid from the same pool of money as OpenBSD.
OpenSSH is in use by millions around the world however the revenue
stream just simply isn't there. This is where other projects could
help. Without naming entities or projects by name there are others
out there that are sitting on some cash. It would be wonderful if
these entities could share some of the wealth to keep us going.
The project, in other words, is appealing to "entities" which obtain some
value from OpenSSH to kick into the OpenBSD coffers. It is hard to imagine
that, for example, Linux distributors - all of which distribute OpenSSH -
are not among the "entities" being targeted here. This is just a bit
ironic, given how the OpenBSD founder has chosen to trash Linux recently.
More disconcerting, however, is the implicit threat: support OpenBSD, or
OpenSSH may go down the tubes. The answer the project is likely to hear
may not be the one they are looking for; the world may ask, instead,
why are OpenBSD and OpenSSH funded from the same pool of money?
Might it not be better to separate the two - by forking OpenSSH, if
necessary? Certainly some way could be found to keep OpenSSH going if
OpenBSD were to come to an end.
The end of OpenBSD would be an unfortunate event, however. The project's
uncompromising focus on security has raised the bar for all systems and
made all of us - even those who have never run OpenBSD - more secure. We
all benefit from having a group out there doing the work that the OpenBSD
people have taken on. But it is up to the OpenBSD folks to put some of the
same attention into securing their financial future, and that means finding
a way to obtain money from those who benefit most from OpenBSD's existence.
Given the size of the OpenBSD user base and the modest nature of its
financial needs, it seems like this problem should have a solution.