punycode licensing

Tim Hudson tjh at cryptsoft.com
Wed Jul 10 10:42:57 UTC 2019

Previous assertions that if the license was compatible that we don't need a
CLA in order to accept a contribution were incorrect.
You are now questioning the entire purpose of contributor agreements and
effectively arguing they are superfluous and that our policy should be

You are (of course) entitled to your opinion on the topic - however the
project view and policy on this is both clear and consistent even if it is
different from what you would like to see.

If someone else wants to create a derivative of the software and combine in
packages under other licenses (Apache License or otherwise) without having
CLAs in place then that is their choice to do so as long as they adhere to
the license agreement.
Again, all of this is use under the license. What our policies cover is for
contributions that the project itself will distribute - and entirely
separate context for what others can do with the resulting package.

The CLAs are not the same as code being contributed under an Apache License
There are many sound reasons for CLAs existing, and discussion of those
reasons isn't an appropriate topic IMHO for openssl-project.


On Wed, Jul 10, 2019 at 8:08 PM Salz, Rich <rsalz at akamai.com> wrote:

> Thank you for the reply.
> *>*The license under which the OpenSSL software is provided does not
> require "permission" to be sought for use of the software.
> See https://www.openssl.org/source/apache-license-2.0.txt
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_source_apache-2Dlicense-2D2.0.txt&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=xXRygChGgiK1BqBdOliLUVY3TL3voFi6oS6EUcMdAaU&s=g7Itj8LyezH-cDY2PLhFY6RkrbcX4b3xX5A7_f9MQvE&e=>
> Use, as defined by the license, doesn’t just mean end-users, and it is not
> limited to compiling, linking, and running executables.  A recipient can
> make derivative items, redistribute, and so on. All of those things are
> what OpenSSL would do if it “took in” code into the source base.
> So why does the project require permission from other Apache-licensed
> licensed software? In other words, why will the project not accept and use
> the rights, covered by copyright and license, that it grants to others?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20190710/2f0f752c/attachment.html>

More information about the openssl-project mailing list