On Tue, Aug 4, 2015 at 2:47 PM, Salz, Rich <rs...@akamai.com> wrote: > > It is natural for a lawyer to tell you to require lots of things to > protect whatever entity is paying them. > > Well, yeah, sure. But I would hope that the bono-fides of the SFLC and > Eben Moglen aren't being called into question. >
Nope. What I'm saying is that lawyers work a lot like us: They help you build a threat model, and then they help you create a defense for that threat model. Basically, I'm asking for more considerations to be added to the threat model: * The new licensing should facilitate sharing code between the BoringSSL, LibreSSL, and OpenSSL projects, and it should be clear how this is done. * The new licensing should facilitate using OpenSSL code with GPLv2 code, the LInux Kernel and GMP in particular. See [0] in the OpenSSL FAQ. * The new license should treat every contributor equally. Contributors should not have to grant privileges to any other contributor beyond the privileges given in the license that everybody has. > >Please let me know if you want me to put you in touch with the licensing > people at Mozilla who can probably help you do the same. > > Sure, please contact me (rsalz at openssl.org) > Sure, will do (privately). > > To be clear, I don't have any problem with the OpenSSL Foundation being > a for-profit corporation. But, it does make for a very different situation > than how the Apache Software Foundation[3] or even Mozilla operates, and I > think that distinction is very important when it comes to licensing. > > Since Matt has explained that we're not a for-profit corporation, I assume > that this is no longer a concern for you. We are *not* a tax-exempt > charitable organization, but we are not for profit. > The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is incorporated in the United States as a regular for-profit corporation," and the proposed CLA[2] is an agreement between the contributor and that for-profit corporation. Anyway, I don't think we need to rathole on that, because my point is that there should be a way to do the licensing that doesn't require any CLA for future contributions, but only for past contributions. [0] https://www.openssl.org/support/faq.html#LEGAL2 [1] https://openssl.org/support/donations.html [2] https://www.openssl.org/licenses/openssl_icla.pdf Cheers, Brian -- https://briansmith.org/
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev