-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Qubes Community,
Since the initial launch [01] of Qubes OS back in April 2010, work on Qubes
has been funded in several different ways. Originally a pet project, it was
first supported by Invisible Things Lab [02] (ITL) out of the money we earned
on various R&D and consulting contracts. Later, we decided that we should try to
commercialize it. Our idea, back then, was to commercialize Windows AppVM
support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought
we would offer Windows AppVM support under a proprietary license. Even though we
made a lot of progress on both the business and technical sides of this
endeavor, it ultimately failed.
Luckily, we got a helping hand from the Open Technology Fund [03] (OTF), which
has supported [04] the project for the past two years. While not a large
sum of money in itself, it did help us a lot, especially with all the work
necessary to improve Qubes' user interface, documentation, and outreach to new
communities. Indeed, the (estimated) Qubes user base has grown [05]
significantly over that period. Thank you, OTF!
But Qubes is more than just a nice UI: it's an entirely new, complex system --
a system that aims to change the game of endpoint security. Consequently, it
requires expertise covering a wide spectrum of topics: from understanding
low-level aspects of hardware and firmware (and how they translate to the
security of a desktop system), to UI design, documentation writing, and
community outreach. Even if we consider only the "security research" aspect of
Qubes, this area alone easily scales beyond the capabilities of a single human
being.
In order to continue to deliver on its promise of strong desktop security, Qubes
must retain and expand its core team, and this requires substantial funding. At
this point, we believe the only realistic way to achieve this is through
commercialization, supplemented by community funding.
Commercialization
=================
We're taking a different approach to commercialization this time. Building on
the success of the recent Qubes 3.2 release, which has been praised by users for
its stability and overall usability, we will begin offering commercial editions
(licenses) of Qubes OS to corporate customers. We believe that the maturity of
Qubes, combined with its powerful new management stack [06], makes it ripe
for adoption by any corporation with significant security needs.
Commercial editions of Qubes OS will be customized to meet special corporate
requirements. For example, two features that might be particularly attractive to
corporate customers are (1) "locking down" dom0 in order to separate the user
and administrator roles and (2) integrating our local management stack with a
corporation's remote management infrastructure. These are both examples of
features that our developers are capable of implementing now, on Qubes 3.2.
We plan to partner with one to three corporate clients in order to run a pilot
program throughout the first half of 2017. After it has been successfully
completed, we'll then widen our offer to more corporate customers and,
ultimately, to small business customers. Our main constraint is the scalability
required to cover each additional client. Hence, we plan to focus on larger
customers first.
Let there be no misunderstanding: Qubes OS will always remain open source. We
anticipate that the majority of our commercialization efforts will involve the
creation of custom Salt configurations, and perhaps writing a few additional
apps and integration code. In the event that any corporate features require
reworking the core Qubes code, that new code will remain open source.
We considered many other ways of attempting to commercialize Qubes before
arriving at this model. One possibility that some of our users have inquired
about is that we sell dedicated Qubes hardware (i.e. laptops). However, there
are a number of challenges here, both in terms of making the hardware
trustworthy enough to merit our "seal of approval", and from a business and
logistics perspective. For these reasons, we don't plan to pursue this option in
the immediate future.
Community funding
=================
Unfortunately, the financial necessity of shifting our priorities to commercial
clients will mean that we have less time to work on features that benefit the
wider, security-minded open source community, which has been our focus for the
past seven years. This deeply saddens us. (We all use Qubes on our personal
computers too!) However, the reality is that ITL can't afford to sustain the
open source development of Qubes for much longer. We're running out of time.
In an attempt to keep the open source development of Qubes going, we've teamed
up with Open Collective [07], which makes it easier to donate to the Qubes
project. Now, in addition to our Bitcoin fund [08], we can also accept
donations via credit card. ITL will not benefit from of any of the money donated
through Open Collective. Instead, the funds will be paid directly to individual
developers who have been hired to work on the open source edition of Qubes.
With the help of our community, we hope eventually to build a nonprofit
organization that will ensure the long-term future of Qubes as an open source
operating system that is freely available to all -- one of the few operating
systems that places the security of its users above all else.
If you are a user of Qubes and want to help us continue working on it, please
donate now [07]. Those who have contributed will be publicly recognized on our
Open Collective [07] page (if they so choose). Organizations that support the
Qubes project will be publicly recognized on our Partners page [09]
(again, if they so choose). If you are interested in supporting Qubes with
significant resources, whether as an individual or on behalf of an organization,
we ask that you please contact us directly [10], since donating through
Open Collective entails significant administrative overhead.
Thank you for your continued support. Together, we can ensure that Qubes is
around to secure our digital lives for many years to come.
--The Qubes team
[01]
https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html
[02]
https://invisiblethingslab.com
[03]
https://www.opentech.fund/
[04]
https://www.opentech.fund/project/qubes-os
[05]
https://www.qubes-os.org/counter/
[06]
https://www.qubes-os.org/news/2015/12/14/mgmt-stack/
[07]
https://opencollective.com/qubes-os
[08]
https://www.qubes-os.org/news/2016/07/13/qubes-distributed-fund/
[09]
https://www.qubes-os.org/partners/
[10] <
busi...@qubes-os.org>
You can also view this announcement on the Web at:
https://www.qubes-os.org/news/2016/11/30/qubes-commercialization/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYP2b6AAoJENtN07w5UDAwJ4kQAMClOUh/vmxWr0Hb7ENgeBAq
xLQQrKuUBeK5yZ7+Jpeoqc/ni8VsZ8vwbXWayHLWHk1IMn22OMn/cd66T6tljt0x
UdcZ4Ng4nxl0j8sN0Ycw4iEx29LRwPs4m0EOPPEYRaqql+QNEPjs8mItE/vRtkd3
KTudISYCflBwFB2SlVn8NHd8gNbaV/y8oy7gRLCpzEtf3rU4WAf2jKdRpGWx3RFx
uqYLJ/vfEOBs2SctsuNLzm+8eX7hZ6DOBQNBGgAtdLMnaWqBBA3uEjmwjGbNL2jm
BGVYUnPyKIgCcGHGuInCgRb8vatrV6Vesduw9IRbQHB2BOQT41pdhlbtbPUkOSu4
HXn4j9/w3TXE4Qnvq5EeA3VTYM9cnf4COQ4XuaXNxUX9ojiuRgFqNxQ1vHw98rST
nsS//+9AoL2PQmElunWwhPe/srWDcODZ/iVDd2uafc0gEdNTYUHzDSQkhhd5GOEM
2xe9zMfR8m+mpXTX5/ObVbsQ61EXUw6YYb9IH0vBvnG6QUSRe6xzXKVK8h/9JaHt
5rhQxb+njEcovZ9cLadwA9IIZP4FJhYU0cvXpRbPSHueFRf7j4JfplClPEnL2vEC
NqG/lcgCKjA6tmk2x+CXU0rue35OwzjMUaWq8YZ0MmX0fc+/MFw121LpBu+0Ke0H
VOFj+L9DRea6g7k0OPtI
=3Y/D
-----END PGP SIGNATURE-----