[erhardm]

If only the design/architecture would be contracted to experts and the actual implementation be written by the community how expensive would that be?

The experts shouldn't write any line of code, use the community as code monkeys, only accepting pull requests and merge them in the project(basically what Linus does this days). Would that not be feasible?

[tptacek]

I don't think this would work. The details of how block-level crypto work are intimately connected to a bunch of fiddley systems programming details like bootup, power saving, and memory management. It's not nearly enough just to propose a workable design for how to make a virtual hardware-encrypted disk with XTS; you need to evaluate a lot of raw code, too.

[erhardm]

@ghostly_s

I don't see this as the roadblock. They (the experts) could bill by the hour. The most intensive period is the initial specification/design/architecture. After the burst period they just have to review the commits for security pitfalls and merge them if OK. The community could have some volunteer reviewers for triage.

I have no idea if this actually works and I also didn't heard anything like this done before, so take it with a grain of salt. That's why I asked more knowledgeable people how feasible this could be.

[ghostly_s]

So you're proposing keeping elite crypto expert(s) on the payroll for--what, years?--as they patiently wait for the community to build something that meets their standards? I'm not going to say such a person or people don't exist, but Linus is a rare sort; considering the market value of crypto experts' talents I think chances of finding someone willing to serve in such a role are rather slim.