<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Aug 4, 2015 at 2:47 PM, Salz, Rich <span dir="ltr"><<a href="mailto:rsalz@akamai.com" target="_blank">rsalz@akamai.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> It is natural for a lawyer to tell you to require lots of things to protect whatever entity is paying them.<br>
<br>
</span>Well, yeah, sure. But I would hope that the bono-fides of the SFLC and Eben Moglen aren't being called into question.<br></blockquote><div><br></div><div>Nope. What I'm saying is that lawyers work a lot like us: They help you build a threat model, and then they help you create a defense for that threat model. Basically, I'm asking for more considerations to be added to the threat model:</div><div><br></div><div>* The new licensing should facilitate sharing code between the BoringSSL, LibreSSL, and OpenSSL projects, and it should be clear how this is done.</div><div>* The new licensing should facilitate using OpenSSL code with GPLv2 code, the LInux Kernel and GMP in particular. See [0] in the OpenSSL FAQ.</div><div>* The new license should treat every contributor equally. Contributors should not have to grant privileges to any other contributor beyond the privileges given in the license that everybody has.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">>Please let me know if you want me to put you in touch with the licensing people at Mozilla who can probably help you do the same.<br>
<br>
</span>Sure, please contact me (rsalz at <a href="http://openssl.org" rel="noreferrer" target="_blank">openssl.org</a>)<br></blockquote><div><br></div><div>Sure, will do (privately).</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> To be clear, I don't have any problem with the OpenSSL Foundation being a for-profit corporation. But, it does make for a very different situation than how the Apache Software Foundation[3] or even Mozilla operates, and I think that distinction is very important when it comes to licensing.<br>
<br>
</span>Since Matt has explained that we're not a for-profit corporation, I assume that this is no longer a concern for you. We are *not* a tax-exempt charitable organization, but we are not for profit.<br></blockquote><div><br></div><div>The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is incorporated in the United States as a regular for-profit corporation," and the proposed CLA[2] is an agreement between the contributor and that for-profit corporation.</div><div><br></div><div>Anyway, I don't think we need to rathole on that, because my point is that there should be a way to do the licensing that doesn't require any CLA for future contributions, but only for past contributions.</div><div><br></div><div>[0] <a href="https://www.openssl.org/support/faq.html#LEGAL2">https://www.openssl.org/support/faq.html#LEGAL2</a></div><div><div class="gmail_quote">[1] <a href="https://openssl.org/support/donations.html">https://openssl.org/support/donations.html</a></div></div><div class="gmail_quote">[2] <a href="https://www.openssl.org/licenses/openssl_icla.pdf">https://www.openssl.org/licenses/openssl_icla.pdf</a></div><div><br></div><div>Cheers,</div><div>Brian</div></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><a href="https://briansmith.org/" target="_blank">https://briansmith.org/</a></div><div><br></div></div></div></div></div></div></div>
</div></div>