On Fri, Jul 31, 2015 at 12:29 PM, Hanno Böck <ha...@hboeck.de> wrote:
> "Salz, Rich" <rs...@akamai.com> wrote: > > > Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some > > more details. > > > > Summary: Moving to Apache 2, CLA's coming, it will take time. > > This is a huge step if it works (I leave it up to the lawyers to decide > if it will), but I want to question whether Apache License is really a > wise move. [snip] In the spirit of making OpenSSL as useful as possible for everyone I > would consider a permissive license that's more compatible (e.g. MIT) a > wiser choice. > I agree 100%. What is wrong with the ISC-style license that LibreSSL and BoringSSL have been using to share code? Why not use that same license for new code? The ability to share code between these projects is hugely valuable, especially when it comes to getting security problems fixed in a timely and secure manner. Also, I question the need for people to sign a CLA to contribute to OpenSSL. OpenSSL has been very successful for decades without a CLA requirement. Lots of other projects are extremely successful without a CLA. A CLA seems unnecessary. Cheers, Brian [1] https://www.imperialviolet.org/2014/06/20/boringssl.html (end of document)
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
