Previous assertions that if the license was compatible that we don't need a CLA in order to accept a contribution were incorrect. You are now questioning the entire purpose of contributor agreements and effectively arguing they are superfluous and that our policy should be different.
You are (of course) entitled to your opinion on the topic - however the project view and policy on this is both clear and consistent even if it is different from what you would like to see. If someone else wants to create a derivative of the software and combine in packages under other licenses (Apache License or otherwise) without having CLAs in place then that is their choice to do so as long as they adhere to the license agreement. Again, all of this is use under the license. What our policies cover is for contributions that the project itself will distribute - and entirely separate context for what others can do with the resulting package. The CLAs are not the same as code being contributed under an Apache License 2.0. There are many sound reasons for CLAs existing, and discussion of those reasons isn't an appropriate topic IMHO for openssl-project. Tim. On Wed, Jul 10, 2019 at 8:08 PM Salz, Rich <rs...@akamai.com> wrote: > Thank you for the reply. > > > > *>*The license under which the OpenSSL software is provided does not > require "permission" to be sought for use of the software. > > See https://www.openssl.org/source/apache-license-2.0.txt > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_source_apache-2Dlicense-2D2.0.txt&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=xXRygChGgiK1BqBdOliLUVY3TL3voFi6oS6EUcMdAaU&s=g7Itj8LyezH-cDY2PLhFY6RkrbcX4b3xX5A7_f9MQvE&e=> > > > > Use, as defined by the license, doesn’t just mean end-users, and it is not > limited to compiling, linking, and running executables. A recipient can > make derivative items, redistribute, and so on. All of those things are > what OpenSSL would do if it “took in” code into the source base. > > > > So why does the project require permission from other Apache-licensed > licensed software? In other words, why will the project not accept and use > the rights, covered by copyright and license, that it grants to others? > > >