Successful crowdfunding secures GnuPG’s future

When it comes to encryption, GnuPG is the de facto standard implementation of the PGP standard. Any private individual currently encrypting their emails is almost always using a software package that has GnuPG under its bonnet. Since the middle of December GnuPG’s main developer has been collecting donations to enable financing of his work on the software. This was going rather slowly until last Thursday, when, helped by media reports of the project’s plight, main GnuPG Werner Koch and his fellow developers succeeded in raising the required €120,000 within one day, German IT news site heise reports.

The software’s development will therefore be fully financed for the current year for the first time. In addition, Facebook and payment processor Stripe have both stated their readiness to subsidise its development with $50,000 per year each and The Linux Foundation has given Koch a one-off donation of $60,000. Even the German Federal Office for Security & Information Technology (Bundesamt für Sicherheit in der Informationstechnik – BSI) is intending to support the GnuPG project. This was announced via German computer periodical c’t. It is believed the BSI has given the project similar support in the past.

Explaining its decision, Facebook stated:

We think it’s important to have a diverse family of software that can stand the test of time, and this is a great opportunity to support such a project. GnuPG was started 17 years ago, and we hope it keeps improving for years to come.

What the case of GnuPG illustrates is the fragility of many open source software projects; lots of packages are maintained and developed by very dedicated people relying on sporadic, inadequate funding and often working in their free time. Furthermore, many projects rely on very few developers. What would happen to some vital software packages should – heaven forbid – the developer gets run over by a bus?