Or maybe he just figured that taking money would mean that people would make assumptions about services rendered for that payment.
Sometimes it is better to not be associated with certain sources of funding if you want to keep your reputation clean and not being the subject of 'sold out' claims even if that isn't the case.
Sure, and while I can't recall the precise details of the correspondence, we were certainly very sensitive to that.
I'm a long-term free software advocate, and the network admin that was talking to the TrueCrypt author(s) was similarly minded, so there was absolutely no question we were seeking to taint the licence, risk the independence, demand credit or attribution, or anything along those lines.
Part of advocating free software in government agencies then (and probably also now) is that you are obliged to CYA in terms of having some mechanism by which you can demonstrate you can obtain support in the unlikely event of problems. It's a real pain in some cases (such as this), but in practice it's usually lip service at worst.
We were under no illusions - we'd heavily tested the software, and knew it was fit for purpose (it was a Windows XP rollout, so pretty well trodden ground). We were confident we'd never have to contact them again, once we'd thrown them some cash.
I would suggest that going to work for "the/this government", even on a contract basis, may and probably has all sorts of implications including perhaps a majority of which and the most concerning are not actually spelled out in the direct contract, itself.
Just trying to evaluate what those might include could be a very extensive and unachievable exercise.
I can imagine someone in a position like that of the TrueCrypt developers being loathe to enter into a scenario bringing with it such ramifications. Even setting aside any personal ideology, it has the appearance of a swamp in need of the obligatory sign, "Here Be Dragons".
Just my blue sky speculation, but based upon a number of years of casual and outside observation of facts and anecdotes that make it into the sphere of public knowledge.
But there was no 'come work for us' implied or explicit, of that I'm sure.
This was small to medium-sized Australian government agency, knowingly talking to people we (assume) were based in either Europe or the USA, either way off-shore.
We didn't even have a tentative contract to hand, and as I say I can't remember the details, but I suspect our opening inquiry was along the lines of 'has anyone else talked to you about this type of deal', leading into a 'we'd just like something on paper that will satisfy management that we've done due diligence'. Our expectation was that it would effectively be a donation to the project.
Clearly there was, for us, back then, no perceived risk at all TrueCrypt was about to be abandoned - and the project's response to fixing bugs far exceeded any non-free / proprietary software we were concurrently deploying.
Thanks for the clarification. Although I still think a person in a position such as that of the TrueCrypt developers might be reluctant to take anything from a government or provide them any sort of... statement.
Sometimes it is better to not be associated with certain sources of funding if you want to keep your reputation clean and not being the subject of 'sold out' claims even if that isn't the case.