On 30/09/2015 16:17, Steve Marquess wrote:
On 09/30/2015 09:58 AM, Jakob Bohm wrote:
On 30/09/2015 15:34, Steve Marquess wrote:
On 09/30/2015 09:18 AM, Jakob Bohm wrote:
...
Under the new "contribution agreement" scheme, publishing such items
early would also make them available to users ...
Publishing by someone else is fine, go for it. It would be nice to have
someone else publish FIPS module code, or validation information of any
kind for that matter. I think the validation process would be a lot less
capricious with less of the secrecy that is the current norm.
Point is that the contribution agreement contains a bug, whereby
anything not published by the OpenSSL Foundation in the UK is not
licensed to anyone.
Having a publication procedure for things marked "This does NOT
work in its current form, but we are giving you a license" works
around that bug ...
Speaking just for myself, and not my fellow team mates, I see no upside
and a lot of downsides to our hosting of "does not work" code
contributions. Especially for FIPS specific code. The originators of
that code are free to give it to anyone else at any time; they don't
need us to do so.
This is why I mentioned the historic contributions from
Sun and Eay: They may be unable or unwilling to repeat
the donation at a later date when it is actually needed.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
