[openssl-dev] License change agreement

Dirk-Willem van Gulik dirkx at webweaving.org
Fri Mar 24 13:11:31 UTC 2017

> On 24 Mar 2017, at 13:14, Otto Moerbeek <otto at drijf.net> wrote:
> On Fri, Mar 24, 2017 at 11:53:10AM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>> I personally think this issue is being blown way out of proportion and beyond the boundary of reason. 
>> Regards,
>> Uri
> Is it reasonable to step on the rights of authors with the backing of
> large corporations?

I personally do not see this as something led, backed or driven by the large corporation. 

Rather, I see a community of developers, do a very reasonable, timely and sensible job to get their house in order; adapt to the realities of modern society - and thus allow the community to continue to operate as it wants in a changed world.

We understand a lot more about IPR, CLAs, patens and (software) licenses (their interaction with business and governance processes) than we did 30 years ago.

And just like we consider retiring support for say a PDP-11, AIX or SunOS & old compiler cruft — so do our licenses need maintenance.

>  Individual authors that might have chosen to
> change email address or are unable to be contacted for other reasons?

And as all things in life - this is not a black or white thing - but one where you need to trade one type of risk versus that of another. 

Long term health of the community is important; as are old contributions made once to that community. But to an outsider or reasonably observer - neither is done without context or absolute. Total stagnation is as much a risk as blindly pushing through a change unilaterally.

To me it seems that OpenSSL is doing a commendable job trying to find a balance. 

And ultimately a large part of the metric of success is wether this community survives; and continues to see the amplification loop of having its code use and thus garnering resources to keep the code usable work. Like bitrot - outdated & outmoded licenses too are an impediment too for this.  Also - know that outsiders who have to access the risks of these license changes won’t see this as a black and white thing - and are perfectly used to trade the advantages of a known license with the residuals of less than perfect provenance. We do that all the time.

With kind regards,


More information about the openssl-dev mailing list