Seeking SOS Fund Projects

I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit. (Here‘s what’s been done and published so far; a few more are in the works.) The criteria for what makes a good project are recorded on the MOSS website. We have two hard-and-fast criteria:

  • The software must be open source/free software, with a license that is OSI-certified and/or FSF-approved
  • The software must be actively maintained

And then we have a series of factors we consider when evaluating an application:

  • How commonly used is the software?
  • Is the software network-facing or does it regularly process untrusted data?
  • How vital is the software to the continued functioning of the Internet or the Web?
  • Is the project known for something besides the code we are relying on?
  • Does the software depend on closed-source code, e.g. in a web service?
  • Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
  • Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
  • Does the software have existing corporate backing or involvement?

People do have a tendency to suggest the entirely impractical, such as “Linux Mint” or “Copperhead OS”. We aren’t able to do full audits on corpuses of software of that size. In general, if it’s more than about 200kloc, we are going to have to pick and choose.

If you know of a project which fits, please submit a suggestion, or drop me an email. Thanks!

A New Scam?

I got this email recently; I’m 99% sure it’s some new kind of scam, but it’s not one I’ve seen before. Anyone have any info? Seems like it’s not totally automated, and targets Christians. Or perhaps it’s some sort of cult recruitment? The email address looks very computer-generated (firstnamelastnamesixdigits@gmail.com).

Good morning,

I am writing in accordance to my favourite Christian website, I could do with sending you some documents regarding Christ. I am a Christian since the age of 28, when I got a knock at the door at my house by a group of males asking me to come to a Christian related event, I of course graciously accepted.

I have since opened up about my homosexuality which my local church somewhat accepted, as I am of course, one of the most devout members of the Church. I am very grateful to the church for helping me discover whom I really was at a time where I needed to discover who I was the most.

I would like to obtain your most recent address, as I have seen on your website that you have recently moved house (as of 2016) to a Loughborough address. I would like to send you some documents regarding my struggles with depression and then finding God and how much he helped me discover my real identity.

I thank you very much for your aid in helping me find God and Christ within myself, as you helped me a lot with your website and your various struggles, which gave me strength to succeed and to carry on in the name of Jesus Christ, our Lord and Saviour.

Hope to hear a reply soon,

Kind regards,

<name>