Re: regarding OpenSSL License change

[Marc Espie]

On Thu, Mar 23, 2017 at 10:18:26AM -0600, Theo de Raadt wrote:
> Lots of people have been receiving emails like the one below.
[...]
> Date: Wed, 22 Mar 2017 16:48:10 -0400
> From: lice...@openssl.org
> To: dera...@cvs.openbsd.org
> Subject: OpenSSL License change
> Message-ID: <20170322204810.ra49wtmwn%lice...@openssl.org>
> User-Agent: s-nail v14.8.6
> Status: O
> 
> Hello!
> 
> This mail is coming from the OpenSSL development team.
> 
> This is a pre-release email before we "go public."  In particular,
> the most recent blog entry, listed below, is not yet available.  But we
> thought, as an important downstream fork, that we'd give you the courtesy
> of participating early.
> 
> We are working to change the license for OpenSSL. We want to move from
> the current license (which is custom-written and has some uncommon
> requirements on end-users), to the widely-accepted and common 
> Apache License (version 2).  You can find some explanation in
> our blog entries:

Thinking some more about it, the step from "custom written licence, weird
wording" into "Apache 2, wide-spread and acceptable" is very hypocritical.

If I understand things correctly, it's mainly a specific choice from one
guy, and I believe it should be scrutinized more: why choose the
Apache License v2, which is very controversial, instead of a more widely
accepted license, such as the 2 clause BSD / ISC license ?   


I would very much like to know if this is a misguided clueless
attempt to simplify things (we're talking about openssl, so this
wouldn't be too far-fetched), or whether there's an actual further
agenda pushed by some organisation with deep pockets which is ready
to "sponsor" some openssl developers if they manage to get things
moving in the right direction.


-- 
Marc

Re: regarding OpenSSL License change

[Marc Espie]

On Sun, Mar 26, 2017 at 08:49:39PM -0500, Jimmy Hess wrote:
> > > From: "Constantine A. Murenin" 
> > > If we do not hear from you, we will assume that you have no objection.
> > Is this for real?!
> > Who do they think they are?  ...
> >People should not bother to respond to such nonsense, and then sue
> > OpenSSL for obvious copyright infringement
> 
> I think "Don't bother to respond, and plan to sue" would be a poor
> response,  that would just hurt everyone involved.Of course
> silence does not generally grant permission. But the people in
> that project might be able to convincingly deliver some kind of
> argument that they've had implicit or "understood"  permissions made
> at time of submission to use contributions however the project
> collectively agrees to use them.

Bullshit.

The FSF, who understands this kind of stuff, was very careful about that 
with their paperwork.

All other organisations that ever wanted to change licences or audit their
trees had to spend quite a lot of time contacting authors and fixing things.

Basically, the only thing you can do when an author doesn't agree is rewrite
stuff from scratch.

The OpenSSL authors don't have a magic wand that allows them to do whatever
they please.  For that matter, if they DID have a magic wand, a much better
use of it would be to zap away all the bugs in their code.

> Also, there is no work-around for a contributor denying.   They might
> have the  idea of simply Removing and Replacing a  contribution  (Even
> if you can accurately identify and rewrite specific lines of code from
> a certain author)  does not  necessarily make the distribution
> Non-infringing,   As  later code is likely to have built on top of
> earlier code.

Rewrite from scratch.   The importance of code lines is generally greatly
exaggerated.  Non regression tests are generally way more precious than
actual code.

Re: regarding OpenSSL License change

[Tom Cosgrove]

>>> Jimmy Hess 27-Mar-17 02:49 >>>
:
> silence does not generally grant permission. 

Since never grants permission.

> But the people in that project might be able to convincingly deliver some
> kind of argument that they've had implicit or "understood" permissions
> made at time of submission to use contributions however the project
> collectively agrees to use them.

Absolutely not.

When I contribute to an open source project, I do so under the terms of the
licences in the files I work on _at that time_.  If I completely rewrite or
add new files, I put those files under the standard licence used by the project,
and that code is then licenced in that (possibly different) way.

And the specific licence is important to me.  It is a significant factor in the
choice of which project to work on (which is why I choose to hack on OpenBSD
rather than, say, Linux).

The terms under which I contribute are those licences - there is no other
implied permission.  If anyone wants to change the licence used by code I have
contributed, they need my approval.  And if they want me to be accommodating,
there had better be a public discussion about alternative licences first.

Tom

Re: regarding OpenSSL License change

[Jimmy Hess]

> > From: "Constantine A. Murenin" 
> > If we do not hear from you, we will assume that you have no objection.
> Is this for real?!
> Who do they think they are?  ...
>People should not bother to respond to such nonsense, and then sue
> OpenSSL for obvious copyright infringement

I think "Don't bother to respond, and plan to sue" would be a poor
response,  that would just hurt everyone involved.Of course
silence does not generally grant permission. But the people in
that project might be able to convincingly deliver some kind of
argument that they've had implicit or "understood"  permissions made
at time of submission to use contributions however the project
collectively agrees to use them.


I think it would be most helpful if say  Three or Four  significant
contributors would either  Object / Say No  on the basis  of
disapproving  of  the  "Change procedure"  Or get their lawyers to
draft a Cease & Decist,  On behalf of both themself and their
co-authors,  based on the implied intent to infringe.

And also,  Go remind those folksthat distributed Binaries based on
OpenSSL tree will be infringing with a changed license document  if
Even 1 Contributor  has not agreed to the re-license.

Also, there is no work-around for a contributor denying.   They might
have the  idea of simply Removing and Replacing a  contribution  (Even
if you can accurately identify and rewrite specific lines of code from
a certain author)  does not  necessarily make the distribution
Non-infringing,   As  later code is likely to have built on top of
earlier code.


A suggested concept would be contributors  Replying  to the inquiry with
something firmly saying No,  and  reminding them that Derivative works
include non-literal copying.

EG  [EXAMPLE ] language:

"I do not approve of the manner in which this license change is
being negotiated;  All my co-authors/co-contributors to this code
base must explicitly agree to the change in principle for me to consider
granting permission.

I Do Not consent at this time to any license change regarding
any part of any of my submitted or committed code, Nor any modified version
or derivative work of my contribution(s) created by non-literal copying
of my work deviating from the terms of the the OpenSSL+SSLeay license
documents found in the source tree at the time that my contribution
was made.

If a license statement was not included with any work I submitted, then
my default terms are: Copyright, All Rights Reserved.

I hereby pre-emptively remind you that:

Derivative work includes all code added to the project, even by
other developers that followed my contributions in time which
extended any functionality on top of OpenSSL based on changing
or extending my earlier work, or related to my code in any way,
Including design style, naming conventions, usage of headers
and function prototypes, variable names, and miscellaneous
aesthetic qualities of my contributions.

Please recall the following text from the SSLeay license terms
which applies to my contributions and all OpenSSL project code based
on SSLeay:

 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
"



--
-JH

Re: regarding OpenSSL License change

[Steffen Nurpmeso]

"Michael W. Lucas"  wrote:
 |On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote:
 |> It's about "You cannot change the licence without consent of the \
 |> author" and
 |> "We just assume that you say yes to this because we dont care about your
 |> rights", which is morally and legally wrong.
 |
 |It's very simple. Four words.
 |
 |"Silence is not consent."
 |
 |Not in contracts. Not in sex. And not in licensing.

You can say this word.  This is funny now, .. that you say this.
No no, no.  I fail to respond to that that is to say.

--steffen

Re: regarding OpenSSL License change

[Steffen Nurpmeso]

Sebastian Benoit  wrote:
 |Steffen Nurpmeso(stef...@sdaoden.eu) on 2017.03.24 14:03:45 +0100:
 |> Bob Beck  wrote:
 ...
 |> According to [1] the chosen license is however the "best" academic
 |> license, and the only one which allows patent protection.  Best in
 |> sofar as all tested items are green.  The Mozilla license was
 |> surely not possible?
 |> 
 |>   [1] http://www.osscc.net/en/licenses.html#compatibility
 ...
 |>|thats really not cool
 |> 
 |> As far as i understand it, using the Apache license gives more
 |> protection to end users than the current license does, at least if
 |> patents get involved.
 |> 
 |>   ..
 |>|> Apparently lawyers are being paid to help them push this through.  Is
 |>|> that being paid for by donations people gave after Heartbleed?  Is
 |>|> this why people donated?
 |> 
 |> The license is even better for end-users as the current license?
 |
 |But it's not about "this licence is better than that licence".

Of course it is, even not being personally involved looking at the
file headers it would be a wonderful cleanup if this jungle could
be replaced with a single copyright header.

 |The code has a licence and they dont respect that.
 |It's about "You cannot change the licence without consent of the author" \

Like it is stated in the file header.

 |and
 |"We just assume that you say yes to this because we dont care about your
 |rights", which is morally and legally wrong.

That is, the way you say it, absurd.  Morally wrong is, with 58
percent loss of life since 1971, to fly 4 kilometres for three
days of hacking or a week of holiday including soiling of historic
sites and stealing towels and anything else which fits into the
suitcase from the hotel.  Buying a new car or a new phone so-and-so
often, because of the same reason.

Or eating meat more than once a week, or at all in fast food
restaurants, at least if you live in Germany, like you do?,
because this is why the rainforests die, and the animals live
under terrible conditions, without sun light, without any space for
living, and without that word that cannot be used on an american
list, but anyway cows will never feel the ton of a hot steaming
bull body but instead the plastic glove of a Volkswagen driver,
up to the shoulder.  But even if you don't care about the animals,
it is still morally wrong because we first world people no longer
eat ears, heads, feets, and all that is shipped for a ridiculous
amount of money to Africa, were thousand year old traditions die
since decades due to that, because Farmers cannot afford this price,
and if they do they soil the acres, and if they don't they leave
their land and go to the cities, where they need more water than the
land can offer, and so you loose-loose and the deserts grow further,
and this goes on since decades.  And not talking at all about the
growing resistance of bacteria for antibiotics, also since decades.

Or having never cared for details but going on like a zombie and
voting the next demagogue that comes along and promises whatever.
Or, worse, even doing this on purpose because the human heart
never gets enough.

So this and much more is morally wrong, but asking all
contributors for a license change, a free license that seems to be
the "best license" for freedom, as has been verified, for the
massively and growing more massively still material world, where
some money-backed lawyers could enforce a shutdown of services if
some patent would be violated, for example, the word "morally
wrong" should be carefully chosen in my opinion.

I also sometimes have the impression that OpenSSL has become
a heavy truck that blindly rolls over the little flowers, though.
On the other hand i have received even two messages for different
addresses for contributions so marginal that it is almost
laughable that someone asks me at all.  The thing is, if i, with
these contributions, would really be allowed to veto the entire
switchover, then the world will stand still, because there are, in
fact, many little pissers all around us.  And this as an European.
I for one think like this, but of course other contributions are
of much more value than mine, and if there would be a "no" from
such a contributor, things may or even will be different.

--steffen

Re: regarding OpenSSL License change

[Gilles Chehade]

On Fri, Mar 24, 2017 at 11:55:10AM -0400, Michael W. Lucas wrote:
> On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote:
> > It's about "You cannot change the licence without consent of the author" and
> > "We just assume that you say yes to this because we dont care about your
> > rights", which is morally and legally wrong.
> 
> 
> It's very simple. Four words.
> 
> "Silence is not consent."
> 
> Not in contracts. Not in sex. And not in licensing.
> 

This is the clearest description of the situation.
Sadly, "clear" is something the OpenSSL folks are unfamiliar with...

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: regarding OpenSSL License change

[Michael W. Lucas]

On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote:
> It's about "You cannot change the licence without consent of the author" and
> "We just assume that you say yes to this because we dont care about your
> rights", which is morally and legally wrong.


It's very simple. Four words.

"Silence is not consent."

Not in contracts. Not in sex. And not in licensing.

==ml

-- 
Michael W. LucasTwitter @mwlauthor 
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/
blog: http://blather.michaelwlucas.com/

Re: regarding OpenSSL License change

[Sebastian Benoit]

Steffen Nurpmeso(stef...@sdaoden.eu) on 2017.03.24 14:03:45 +0100:
> Bob Beck  wrote:
>   ...
> 
> Disclaimer: i have read about licenses many years ago (likely over
> a decade, i stopped reading the german computer magazine c't
> somewhen in 2005).  I like and use the ISC license that your
> project has chosen and fosters whenever i can.
> 
> According to [1] the chosen license is however the "best" academic
> license, and the only one which allows patent protection.  Best in
> sofar as all tested items are green.  The Mozilla license was
> surely not possible?
> 
>   [1] http://www.osscc.net/en/licenses.html#compatibility
> 
> Interesting to me is that this is the third time this year that
> this topic comes up, in January i had a private communication with
> J??rg Schilling (who provided this link, again), i think a month
> ago there was a thread on the Austrian Linux User list, and now we
> have this one.
> 
>   ...
>  |thats really not cool
> 
> As far as i understand it, using the Apache license gives more
> protection to end users than the current license does, at least if
> patents get involved.
> 
>   ..
>  |> Apparently lawyers are being paid to help them push this through.  Is
>  |> that being paid for by donations people gave after Heartbleed?  Is
>  |> this why people donated?
> 
> The license is even better for end-users as the current license?

But it's not about "this licence is better than that licence".
The code has a licence and they dont respect that.

It's about "You cannot change the licence without consent of the author" and
"We just assume that you say yes to this because we dont care about your
rights", which is morally and legally wrong.

/B

Re: regarding OpenSSL License change

[Steffen Nurpmeso]

Bob Beck  wrote:
  ...

Disclaimer: i have read about licenses many years ago (likely over
a decade, i stopped reading the german computer magazine c't
somewhen in 2005).  I like and use the ISC license that your
project has chosen and fosters whenever i can.

According to [1] the chosen license is however the "best" academic
license, and the only one which allows patent protection.  Best in
sofar as all tested items are green.  The Mozilla license was
surely not possible?

  [1] http://www.osscc.net/en/licenses.html#compatibility

Interesting to me is that this is the third time this year that
this topic comes up, in January i had a private communication with
Jörg Schilling (who provided this link, again), i think a month
ago there was a thread on the Austrian Linux User list, and now we
have this one.

  ...
 |thats really not cool

As far as i understand it, using the Apache license gives more
protection to end users than the current license does, at least if
patents get involved.

  ..
 |> Apparently lawyers are being paid to help them push this through.  Is
 |> that being paid for by donations people gave after Heartbleed?  Is
 |> this why people donated?

The license is even better for end-users as the current license?

--steffen

Re: regarding OpenSSL License change

[Constantine A. Murenin]

> Date: Wed, 22 Mar 2017 16:48:10 -0400
> From: lice...@openssl.org
> To: dera...@cvs.openbsd.org
> Subject: OpenSSL License change

[...]

> We are asking for your permission to change the licence for your
> contribution. Please visit this link to respond; you will have a chance

[...]

> If we do not hear from you, we will assume that you have no objection.

Is this for real?!

Who do they think they are?

Entirely absurd.

People should not bother to respond to such nonsense, and then sue
OpenSSL for obvious copyright infringement, and move for a summary
judgement without a trial.

C.

Re: regarding OpenSSL License change

[Franco Fichtner]

> On 24 Mar 2017, at 3:51 AM, Theo de Raadt  wrote:
> 
> it is great that someone found a way to convert between licenses.
> 
> AGPL -> GPL -> ISC -> PD

pfSense went through with this, being a 2-Clause BSD fork of m0n0wall,
going through a 6-Clause ESF and CLA (all your rights are belong to
us) transition cycle in 2014 and then finally circling back to Apache
2.0 in 2016 after having failed to suppress forks thereof in light of
OPNsense and the continuation of 2-Clause BSD in 2015.

I talked to the principal author of m0n0wall who answered along the
lines of:

I wasn't asked about this. It would be impossible to ask all
previous contributors to relicense anyway, but I am no lawyer.

The end result:

Several previous contributor copyrights as well as BSD terms of
conditions stripped from the source code, copyrights for own legal
entity asserted for a blank 2004 - 2016 where it seemed fancy.

The official answer is: we own all the code so shut up.  ;)

Nobody indeed cares, except when a 2-Clause BSD fork of pfSense exists
to keep the ball rolling after the 2014 license uncertainty debacle
it gets probed by lawyers on grounds of suspicious copyright violations
allegedly requested by a larger project entity in the BSD scope (note
that pfSense does not have the pull to do this by itself, but a friendly
entity might).  The president of the organisation leading the legal
probe later personally apologises to OPNsense for the behaviour and
encourages us to continue our open source work.

The original report's results are buried by the BSD entity who allegedly
requested it, because no dirt could be found to throw at the fork.
OPNsense was also never contacted by that entity that it had doubts
about the proven-to-be unfounded handling of copyrights.

So you can: relicense whatever you want and actively hinder the
prosperity of your forks and/or competition and get away with it
instead of just working on code and project quality for the benefit
of the community at large.


Gleefully,
Franco

Re: regarding OpenSSL License change

[bytevolcano]

On Thu, 23 Mar 2017 20:51:06 -0600
"Theo de Raadt"  wrote:

> Dude, you are being melodramatic
> 
> it is great that someone found a way to convert between licenses.
> 
> AGPL -> GPL -> ISC -> PD
> 
> thumbs up to the people who found a shortcut
> 

Now this is genius.

Re: regarding OpenSSL License change

[Theo de Raadt]

> > If we do not hear from you, we will assume that you have no objection.
> 
> So, they will claim that, by not responding, the recipient agreed.
> 
> Some jurisdictions I am aware of accept verbal contracts or this kind
> of written contracts, since civil proceedings will not be held up to a
> high standard of proof. Even then, there must have been evidence of a
> contractual agreement, ie. no response = no agreement.
> 
> I say the lawyers are now working to prove that no response means the
> potential recipient agreed.
> 
> If this email has been caught by enough spam filters, they will claim
> the majority agreed.
> 

Dude, you are being melodramatic

it is great that someone found a way to convert between licenses.

AGPL -> GPL -> ISC -> PD

thumbs up to the people who found a shortcut

Re: regarding OpenSSL License change

[Theo de Raadt]

> So did anyone who replied with "NO" get a followup to "reconsider"?

So far, everyone who says no is getting a mail from Rich Salz.

Re: regarding OpenSSL License change

[Claus Assmann]

So did anyone who replied with "NO" get a followup to "reconsider"?
I only "contributed" some doc fixes, so my "vote" doesn't really
mean much.

Re: regarding OpenSSL License change

[bytevolcano]

...

> If we do not hear from you, we will assume that you have no objection.

So, they will claim that, by not responding, the recipient agreed.

Some jurisdictions I am aware of accept verbal contracts or this kind
of written contracts, since civil proceedings will not be held up to a
high standard of proof. Even then, there must have been evidence of a
contractual agreement, ie. no response = no agreement.

I say the lawyers are now working to prove that no response means the
potential recipient agreed.

If this email has been caught by enough spam filters, they will claim
the majority agreed.

Re: regarding OpenSSL License change

[Bob Beck]

On Thu, Mar 23, 2017 at 17:48 Bob Beck  wrote:

> Honestly, anyone who gets one of these should say no
>
> what would you all think if people quietly took derived works of software
> licensed under one license and took silence as assent to relicense
>
> Does this mean that with an unanswered email i can now release my re
> licensed as ISC version of gcc?  or the linux kernel?
>
> This sort of action just means that any software you write can be
> plagiarized against your will if you did not find out about it in time.
>
> thats really not cool
>
> If you write software this is not a world you want to live in.   Even if
> it does mean a anyone who can fork a github repo could get rid of the GPL
> after a period of non response from an author (dont go on vacation). As
> much as I might not agree with the GPL personally, I respect someones right
> to release thier work under a license and have it respected. without having
> to constantly answer emails and click web links telling people no
>
>
>
> On Thu, Mar 23, 2017 at 10:58 Theo de Raadt  wrote:
>
> > > The start suggests they want to privately collect sufficient consensus
> > > to pass their agenda.  They appear to be considering all actions in
> > > the tree (including mine) on equal grounds.
> >
> > I already sent them a clear "NO, i explicitly object to relicensing
> > any of my contributions."
> >
> > If any of you care about the possibility of merging future OpenSSL
> > improvements to LibreSSL and OpenBSD, i suggest you do the same.
> >
> > Similarly, if any of you dislike publishing their own code under Apache
> 2.
>
> There has been no discussion amongst the greater community of
> developers as to which license to take.  Apache 2 has come as an edict
> from Rich Salz.
>
> There has also been no statement from the original authorship that this
> is the way to go.
>
> I suspect there is a lack of approval from some, and manufacturing
> consent in volume is the approach being taken.
>
>
> Apparently lawyers are being paid to help them push this through.  Is
> that being paid for by donations people gave after Heartbleed?  Is
> this why people donated?
>
>

Re: regarding OpenSSL License change

[Bob Beck]

Honestly, anyone who gets one of these should say no

what would you all think if people quietly took derived works of software
licensed under one license and took silence as assent to relicense

Does this mean that with an unanswered email i can now release my re
licensed as ISC version of gcc?  or the linux kernel?

This sort of action just means that any software you write can be
plagiarized against your will if you did not find out about it in time.

thats really not cool

If you write software this is not a world you want to live in.   Even if it
does mean a anyone who can fork a github repo could get rid of the GPL
after a period of non response from an author (dont go on vacation). As
much as I might not agree with the GPL personally, I respect someones right
to release thier work under a license and have it respected. without having
to constantly answer emails and click web links telling people no



On Thu, Mar 23, 2017 at 10:58 Theo de Raadt  wrote:

> > > The start suggests they want to privately collect sufficient consensus
> > > to pass their agenda.  They appear to be considering all actions in
> > > the tree (including mine) on equal grounds.
> >
> > I already sent them a clear "NO, i explicitly object to relicensing
> > any of my contributions."
> >
> > If any of you care about the possibility of merging future OpenSSL
> > improvements to LibreSSL and OpenBSD, i suggest you do the same.
> >
> > Similarly, if any of you dislike publishing their own code under Apache
> 2.
>
> There has been no discussion amongst the greater community of
> developers as to which license to take.  Apache 2 has come as an edict
> from Rich Salz.
>
> There has also been no statement from the original authorship that this
> is the way to go.
>
> I suspect there is a lack of approval from some, and manufacturing
> consent in volume is the approach being taken.
>
>
> Apparently lawyers are being paid to help them push this through.  Is
> that being paid for by donations people gave after Heartbleed?  Is
> this why people donated?
>
>

Re: regarding OpenSSL License change

[Theo de Raadt]

> > The start suggests they want to privately collect sufficient consensus
> > to pass their agenda.  They appear to be considering all actions in
> > the tree (including mine) on equal grounds.
> 
> I already sent them a clear "NO, i explicitly object to relicensing
> any of my contributions."
> 
> If any of you care about the possibility of merging future OpenSSL
> improvements to LibreSSL and OpenBSD, i suggest you do the same.
> 
> Similarly, if any of you dislike publishing their own code under Apache 2.

There has been no discussion amongst the greater community of
developers as to which license to take.  Apache 2 has come as an edict
from Rich Salz.

There has also been no statement from the original authorship that this
is the way to go.

I suspect there is a lack of approval from some, and manufacturing
consent in volume is the approach being taken.


Apparently lawyers are being paid to help them push this through.  Is
that being paid for by donations people gave after Heartbleed?  Is
this why people donated?

Re: regarding OpenSSL License change

[Theo de Raadt]

> > The last sentence suggests they don't care at all about the rights of
> > the authors.
> 
> I also sent them a separate mail stating that i strongly suspect
> that last sentence to be grossly illegal in almost any jurisdiction.

Of course: Lack of consent is not equal to consent.

Re: regarding OpenSSL License change

[Ingo Schwarze]

Hi Theo,

Theo de Raadt wrote on Thu, Mar 23, 2017 at 10:18:26AM -0600:

> Lots of people have been receiving emails like the one below.
> 
> They have never asked the community of authors what they want.
> 
> I think OpenSSL are using a github "garbage-in / garbage-out" style of
> process.  Feel free to dig into what they think I am author of, and
> why.
>
> We wrote some tools to look through every version of our files, and
> our scripts found your email address.  You can see what we found:
> 
> https://license.openssl.org/cgi-bin/lookup.py?uid=619

ROFL...  :-D

Maybe they should just revert

https://github.com/openssl/openssl/commit/58964a492275ca9a59a0cd9c8155cb2491b4b909

and be done with it.  :-D


> The start suggests they want to privately collect sufficient consensus
> to pass their agenda.  They appear to be considering all actions in
> the tree (including mine) on equal grounds.

I already sent them a clear "NO, i explicitly object to relicensing
any of my contributions."

If any of you care about the possibility of merging future OpenSSL
improvements to LibreSSL and OpenBSD, i suggest you do the same.

Similarly, if any of you dislike publishing their own code under Apache 2.


> The last sentence suggests they don't care at all about the rights of
> the authors.

I also sent them a separate mail stating that i strongly suspect
that last sentence to be grossly illegal in almost any jurisdiction.

Yours,
  Ingo