On Wed, 2016-11-30 at 19:32 +0000, Salz, Rich wrote: > > OK, so where is the foundation charter and who are your lawyers? > > Wow, this seems to have taken a turn to the unfriendly. I apologize > if I added to that. Sometimes a smiley doesn't wipe out all bad > impressions.
No, it's standard if you insist on the CLA route: If you sign a CLA to an organization, you have to understand what the organization does before you understand what you're actually committing to: the actual commitment isn't within the four corners of the CLA. Your current ICLA gives effectively an unlimited perpetual licence to do anything with regard to sublicensing so the scope of that grant is actually governed by the bylaws and restrictions of the foundation itself because it is the grant recipient. For instance, the old OpenStack ICLA was fairly similar to yours so you had to dig into their bylaws to understand what they were actually committing to do with the code (basically sublicense it to all comers under ASL-2). The structure of the organisation matters a lot: unlimited grant to a corporate entity under a CLA is usually a bad idea because they often have nefarious plans to take your code private via a dual licence, or they might mean well, but their intentions become nullified if they get taken over. Foundations are usually better because their charter often restricts what they can actually do with the code and what happens to the grant in the event of dissolution or takeover, which is why reading and understanding the charter (and possibly the bylaws) is important. Usually I don't have to ask, all of this is simply available on the web most of the time. It's just the openssl foundation doesn't appear to have any of this online. I suspect IBM will need to sign a CCLA ... they'll definitely need to know who your lawyers are. > The OpenSSL Software Foundation is incorporated in the the state of > Delaware, United States, as a non-profit corporation. It does not > qualify as a tax-exempt charitable organisation under Section > 501(c)(3) of the U.S. Internal Revenue Code. You can email > i...@opensslfoundation.org with questions. > But do note that openssl open source project itself is not governed > by those entities, but rather by the collection of individuals known > as the development team. You can find more information by clicking > on the "policies" and "community" tab on the website. I did check those links ... they don't have any governance information about the actual openssl foundation that I can find. James -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev