OpenBSD Foundation 2018 Fundraising Campaign
openbsdfoundation.orgNote that these pages are not served via https, and neither is the donations page[1] which contains links to Paypal.
This has been pointed out from time to time on the openbsd "misc" email list but I've never seen a good explanation for why these pages are not secure.
I am not related to the OpenBSD team, but just dropped a mail for them and in a few hours I can reach it via HTTPS:
https://www.openbsdfoundation.org/donations.html
awesome people :)
The PayPal links are https
Doesn't matter. Nothing can be trusted on a plain HTTP page.
It's quite inexcusable today that setting up a certificate is such an inexpensive and easy thing with Let's Encrypt.
Agreed. What world are people living in when they present payment links on an insecure page in 2018? Um, no dude. I'm not going to click on your link now, nor will I ever. Byyye.
The parent made it sound like the PayPal links were also http
Remember that OpenBSD also represents OpenSSH, which so many of us use every day.
Well, I want to donate but I don't want to use PayPal. And US banks charge an arm and a leg for wire transfers. Is there a way I can simply mail them a check?
http://www.openbsdfoundation.org/donations.html reads:
Donations may be made by cheque in CAD/EUR/USD funds to:
The OpenBSD Foundation
8101 160 Street
Edmonton, Alberta, Canada
T5R 2G9
Why should I mail money to an address written on an http site?
same address here. Unlikely someone tampered it.
[jwilk got there first] I just used PayPal for a small one-off donation.
Their continued unwillingness to create a US 501(c)(3) entity to receive donations from US donors means that they will continue to lose out on a significant number of potential donations.
I get the impression that OpenBSD has a prejudice against becoming officially involved with the United States, formed in the days when t-shirts were export-restricted munitions.
I've never heard about that. What's the story? How do you know about it?
I appreciate OpenBSD. Among other things their focus on making APIs that are impossible to misuse and hacking down the scope of a problem to the bone result in a lot of interesting products. Basically if you have to consult anything beyond the man page for their stuff they've failed. Given those restrictions they tackle big problems with good results.
I put a recurring $50 donation when the freeBSD controversy came and went.
I hope its useful, not sure what they use the money for.
It is useful, it helps fund the infrastructure, it helps fund hackathons, it helps hosting hackers during the events, it helps bringing developers who would not make it because they wouldn't afford the transportation, it helps getting hardware needed to write new drivers, etc, etc, etc...
As far as I'm concerned, a single week of hackathon achieves far more than months of individual work on the side, and the hackathons take place because the foundation can bring many developers together in the same place at the same time thanks to the donations it receives :-)
Note from the about page: "We are not a registered charity, in the sense that we do not issue tax deductible receipts. " Seems still worthwhile to raise awareness.
" and related projects such as OpenSSH, OpenBGPD, OpenNTPD, OpenSMTPD, LibreSSL, and mandoc. "
It's "OpenBSD", not "Open BSD". Please use the original title:
The OpenBSD Foundation 2018 Fundraising Campaign
Action taken. No spaces in the wrong places in these parts.