In 2006 or 2007 I was running a non-trivially sized project for a government agency, and we wanted to use TrueCrypt on every new machine we were rolling out.
The default licensing arrangement certainly meant we were (legally) covered, but we sought out the author and offered a financial arrangement in terms of support (we weren't proposing an especially onerous arrangement, and were quite clear in our 'improvements we fund, we're happy to go back to GPL' and it was very much an early stage of negotiations from our perspective). Weirdly it was dismissed outright.
Highly anecdotal, and the guy I had that contacted the TrueCrypt author may have given the wrong impression (unlikely), but since then I've always felt the project was in the 'slightly odd' category.
Or maybe he just figured that taking money would mean that people would make assumptions about services rendered for that payment.
Sometimes it is better to not be associated with certain sources of funding if you want to keep your reputation clean and not be the subject of 'sold out' claims even if that isn't the case.
Sure, and while I can't recall the precise details of the correspondence, we were certainly very sensitive to that.
I'm a long-term free software advocate, and the network admin that was talking to the TrueCrypt author(s) was similarly minded, so there was absolutely no question we were seeking to taint the licence, risk the independence, demand credit or attribution, or anything along those lines.
Part of advocating free software in government agencies then (and probably also now) is that you are obliged to CYA in terms of having some mechanism by which you can demonstrate you can obtain support in the unlikely event of problems. It's a real pain in some cases (such as this), but in practice it's usually lip service at worst.
We were under no illusions - we'd heavily tested the software, and knew it was fit for purpose (it was a Windows XP rollout, so pretty well trodden ground). We were confident we'd never have to contact them again, once we'd thrown them some cash.
I would suggest that going to work for "the/this government", even on a contract basis, may and probably has all sorts of implications including perhaps a majority of which and the most concerning are not actually spelled out in the direct contract, itself.
Just trying to evaluate what those might include could be a very extensive and unachievable exercise.
I can imagine someone in a position like that of the TrueCrypt developers being loath to enter into a scenario bringing with it such ramifications. Even setting aside any personal ideology, it has the appearance of a swamp in need of the obligatory sign, "Here Be Dragons".
Just my blue sky speculation, but based upon a number of years of casual and outside observation of facts and anecdotes that make it into the sphere of public knowledge.
But there was no 'come work for us' implied or explicit, of that I'm sure.
This was a small to medium-sized Australian government agency, knowingly talking to people we (assume) were based in either Europe or the USA, either way off-shore.
We didn't even have a tentative contract to hand, and as I say I can't remember the details, but I suspect our opening inquiry was along the lines of 'has anyone else talked to you about this type of deal', leading into a 'we'd just like something on paper that will satisfy management that we've done due diligence'. Our expectation was that it would effectively be a donation to the project.
Clearly there was, for us, back then, no perceived risk at all TrueCrypt was about to be abandoned - and the project's response to fixing bugs far exceeded any non-free / proprietary software we were concurrently deploying.
Thanks for the clarification. Although I still think a person in a position such as that of the TrueCrypt developers might be reluctant to take anything from a government or provide them any sort of... statement.
I've noted a few people assuming the male pronoun. It may have been an intentional misdirection at the time, but I do recall my guy had expressed mild amazement that the developer he'd been talking to was a female.
That aside ... :)
We hadn't talked cash at all, it hadn't even gotten that far.
I would speculate, thinking back at it, that I'd have been happy to throw somewhere around $10k at them. I'd just managed to save about $150k on MS licences, so my budget was looking healthy, and TrueCrypt solved a goodly number of our regulatory problems.
As I mentioned above we were in the very early stages, and were likely couching the arrangement in terms of a donation (in return for some vague assurances of assistance if it all went titsup).