Dear Tim, Formally I am a contributor with a signed CLA. I took a code definitely permitting any usage without any feedback, slightly modified it (at least by openssl-format-source and splitting between header and source), and submitted it as my feedback to OpenSSL.
I still think that it will be a good idea if Adam signs the CLA, but if he declines, we still have a correct interpretation. On Wed, Jul 10, 2019 at 1:43 PM Tim Hudson <t...@cryptsoft.com> wrote: > Previous assertions that if the license was compatible that we don't need > a CLA in order to accept a contribution were incorrect. > You are now questioning the entire purpose of contributor agreements and > effectively arguing they are superfluous and that our policy should be > different. > > You are (of course) entitled to your opinion on the topic - however the > project view and policy on this is both clear and consistent even if it is > different from what you would like to see. > > If someone else wants to create a derivative of the software and combine > in packages under other licenses (Apache License or otherwise) without > having CLAs in place then that is their choice to do so as long as they > adhere to the license agreement. > Again, all of this is use under the license. What our policies cover is > for contributions that the project itself will distribute - and entirely > separate context for what others can do with the resulting package. > > The CLAs are not the same as code being contributed under an Apache > License 2.0. > There are many sound reasons for CLAs existing, and discussion of those > reasons isn't an appropriate topic IMHO for openssl-project. > > Tim. > > > > On Wed, Jul 10, 2019 at 8:08 PM Salz, Rich <rs...@akamai.com> wrote: > >> Thank you for the reply. >> >> >> >> *>*The license under which the OpenSSL software is provided does not >> require "permission" to be sought for use of the software. >> >> See https://www.openssl.org/source/apache-license-2.0.txt >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_source_apache-2Dlicense-2D2.0.txt&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=xXRygChGgiK1BqBdOliLUVY3TL3voFi6oS6EUcMdAaU&s=g7Itj8LyezH-cDY2PLhFY6RkrbcX4b3xX5A7_f9MQvE&e=> >> >> >> >> Use, as defined by the license, doesn’t just mean end-users, and it is >> not limited to compiling, linking, and running executables. A recipient >> can make derivative items, redistribute, and so on. All of those things are >> what OpenSSL would do if it “took in” code into the source base. >> >> >> >> So why does the project require permission from other Apache-licensed >> licensed software? In other words, why will the project not accept and use >> the rights, covered by copyright and license, that it grants to others? >> >> >> > -- SY, Dmitry Belyavsky