On Wed, Jul 10, 2019 at 1:58 AM Salz, Rich <rs...@akamai.com> wrote: > Thank you for the update. This brings to mind a few additional questions: > > 1. Does other code which is copyright/licensed under the Apache 2 license also require CLAs? See points 1-3 of previous email. CLAs are required for anything non-trivial.
> 2. Does other code which is in the public domain also require CLAs? See points 1-3 of previous email. CLAs are required for anything non-trivial. > 3. Does OpenSSL expect that anyone using OpenSSL and bundling it with Apache 2 software must first ask the project for permission? That is an entirely separate question and all the project states is the license under which we offer the software. That question can be more broadly worded as "Does OpenSSL expect that anyone using OpenSSL must first ask the project for permission?" The license under which the OpenSSL software is provided does not require "permission" to be sought for use of the software. See https://www.openssl.org/source/apache-license-2.0.txt So in short the answer is "no" because the software is under a license that doesn't require permission to be sought for its use. > 4. Assuming #1 is yes and #3 is no, can you explain why there is a difference? Because 1 and 2 are about *contributing *code that the project then offers under a license, whereas 3 is about *using* the produced code under its license. They are completely different contexts (one in-bound, one out-bound). And they are completely different entities (1&2 are about requirements the *project *places on contributions, and 3 is about requirements the license places on *users* of the software). Tim.