[openssl-dev] We're working on license changes
Brian Smith
brian at briansmith.org
Tue Aug 4 20:02:37 UTC 2015
On Tue, Aug 4, 2015 at 2:47 PM, Salz, Rich <rsalz at akamai.com> wrote:
> > It is natural for a lawyer to tell you to require lots of things to
> > protect whatever entity is paying them.
>
> Well, yeah, sure. But I would hope that the bona fides of the SFLC and
> Eben Moglen aren't being called into question.
>
Nope. What I'm saying is that lawyers work a lot like us: They help you
build a threat model, and then they help you create a defense for that
threat model. Basically, I'm asking for more considerations to be added to
the threat model:
* The new licensing should facilitate sharing code between the BoringSSL,
LibreSSL, and OpenSSL projects, and it should be clear how this is done.
* The new licensing should facilitate using OpenSSL code with GPLv2 code,
the Linux Kernel and GMP in particular. See [0] in the OpenSSL FAQ.
* The new license should treat every contributor equally. Contributors
should not have to grant privileges to any other contributor beyond the
privileges given in the license that everybody has.
> > Please let me know if you want me to put you in touch with the licensing
> > people at Mozilla who can probably help you do the same.
>
> Sure, please contact me (rsalz at openssl.org)
>
Sure, will do (privately).
> > To be clear, I don't have any problem with the OpenSSL Foundation being
> > a for-profit corporation. But, it does make for a very different situation
> > than how the Apache Software Foundation[3] or even Mozilla operates, and I
> > think that distinction is very important when it comes to licensing.
>
> Since Matt has explained that we're not a for-profit corporation, I assume
> that this is no longer a concern for you. We are *not* a tax-exempt
> charitable organization, but we are not for profit.
>
The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is
incorporated in the United States as a regular for-profit corporation," and
the proposed CLA[2] is an agreement between the contributor and that
for-profit corporation.
Anyway, I don't think we need to rathole on that, because my point is that
there should be a way to do the licensing that doesn't require any CLA for
future contributions, but only for past contributions.
[0] https://www.openssl.org/support/faq.html#LEGAL2
[1] https://openssl.org/support/donations.html
[2] https://www.openssl.org/licenses/openssl_icla.pdf
Cheers,
Brian
--
https://briansmith.org/