Re: [openssl-dev] We're working on license changes

--On Saturday, November 21, 2015 11:12 PM + "Salz, Rich" wrote: The GNU folks clearly state that they are compatible: Interesting. We'll look at it. Thanks. Don't get your hopes up :) Thank you for being willing to take the time to look into it. :) If compatibilty with the GPLv2

Re: [openssl-dev] We're working on license changes

> The GNU folks clearly state that they are compatible: Interesting. We'll look at it. Thanks. Don't get your hopes up :) ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] We're working on license changes

--On Saturday, November 21, 2015 10:32 PM + "Salz, Rich" wrote: Sorry, that answer -- quoting a claim -- does not answer my question. If the issue between APL and GPL2 is patent, then how can MPL2 address both? The GNU folks clearly state that they are compatible:

Re: [openssl-dev] We're working on license changes

On Sat, 21 Nov 2015 at 22:39 Kurt Roeckx wrote: > On Sat, Nov 21, 2015 at 10:09:51PM +, Ben Laurie wrote: > > On Sat, 21 Nov 2015 at 21:14 Kurt Roeckx wrote: > > > > > On Sat, Nov 21, 2015 at 12:02:22PM -0800, Quanah Gibson-Mount wrote: > > > > --On Saturday, November 21, 2015 8:24 PM +0100

Re: [openssl-dev] We're working on license changes

On Sat, Nov 21, 2015 at 10:09:51PM +, Ben Laurie wrote: > On Sat, 21 Nov 2015 at 21:14 Kurt Roeckx wrote: > > > On Sat, Nov 21, 2015 at 12:02:22PM -0800, Quanah Gibson-Mount wrote: > > > --On Saturday, November 21, 2015 8:24 PM +0100 Kurt Roeckx < > > k...@roeckx.be> > > > wrote: > > > >>So t

Re: [openssl-dev] We're working on license changes

Sorry, that answer -- quoting a claim -- does not answer my question. If the issue between APL and GPL2 is patent, then how can MPL2 address both? ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] We're working on license changes

--On Saturday, November 21, 2015 10:07 PM + "Salz, Rich" wrote: I don't see how MPL2 can have patent protection when it is the patent protection that cases GPL2 to be incompatible with APL2. MPL version 2.0 is compatible with both the Apache License[11] and by default "the GNU GPL versi

Re: [openssl-dev] We're working on license changes

On Sat, 21 Nov 2015 at 21:14 Kurt Roeckx wrote: > On Sat, Nov 21, 2015 at 12:02:22PM -0800, Quanah Gibson-Mount wrote: > > --On Saturday, November 21, 2015 8:24 PM +0100 Kurt Roeckx < > k...@roeckx.be> > > wrote: > > >>So the MPLv2 is compatible with the APLv2. The MPLv2 is compatible > with > >

Re: [openssl-dev] We're working on license changes

I don't see how MPL2 can have patent protection when it is the patent protection that cases GPL2 to be incompatible with APL2. >I have not looked into it and I am not a lawyer. Ah. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/m

Re: [openssl-dev] We're working on license changes

On Sat, Nov 21, 2015 at 12:02:22PM -0800, Quanah Gibson-Mount wrote: > --On Saturday, November 21, 2015 8:24 PM +0100 Kurt Roeckx > wrote: > >>So the MPLv2 is compatible with the APLv2. The MPLv2 is compatible with > >>the GPLv2 and the APLv2 is copmatible with GPLv3. The MPLv2 has patent > >>la

Re: [openssl-dev] We're working on license changes

--On Saturday, November 21, 2015 8:24 PM +0100 Kurt Roeckx wrote: So the MPLv2 is compatible with the APLv2. The MPLv2 is compatible with the GPLv2 and the APLv2 is copmatible with GPLv3. The MPLv2 has patent language along the same lines as the APLv2. I haven't looked into it and I am not a

Re: [openssl-dev] We're working on license changes

On Sat, Nov 21, 2015 at 11:07:36AM -0800, Quanah Gibson-Mount wrote: > --On Saturday, November 21, 2015 12:50 PM +0100 Kurt Roeckx > wrote: > > > > >I would like to point out that GPLv2 also isn't compatible with > >GPLv3, and that that is causing just as much problems as the > >current OpenSSL

Re: [openssl-dev] We're working on license changes

--On Saturday, November 21, 2015 12:50 PM +0100 Kurt Roeckx wrote: I would like to point out that GPLv2 also isn't compatible with GPLv3, and that that is causing just as much problems as the current OpenSSL license. Both the GPLv3 and Apache 2.0 have protection for patents, which is why it

Re: [openssl-dev] We're working on license changes

On Fri, Nov 20, 2015 at 01:01:37PM -0800, Quanah Gibson-Mount wrote: > --On Friday, November 20, 2015 9:47 PM +0100 Richard Levitte > wrote: > > >I would like to point out that the GNU project talks about the Apache > >v2 license in positive terms: > > > >http://www.gnu.org/licenses/license-list.

Re: [openssl-dev] We're working on license changes

--On Friday, November 20, 2015 9:28 PM + Jonathan Larmour wrote: So a dual license still seems desirable to me. However, also, and as I said when this came up before, I don't believe the OpenSSL team is legally permitted to change the license as they do not hold the entire copyright. To cha

Re: [openssl-dev] We're working on license changes

> you need a copyright assignment or Contributor License Agreement from every > individual or company who has contributed code to OpenSSL. You cannot change > the terms of something you do not own. That is admittedly a significant > hurdle to any change. Yup. That's why it will take a while. _

Re: [openssl-dev] We're working on license changes

On 20/11/15 20:48, Salz, Rich wrote: >> Is there a possibility of releasing it under more than one license? > > Highly doubtful, at least not at first. > >> Otherwise, I honestly don't really see the point of relicensing >> OpenSSL as moving to apache v2 does not resolve the primary problem >> wi

Re: [openssl-dev] We're working on license changes

--On Friday, November 20, 2015 9:47 PM +0100 Richard Levitte wrote: I would like to point out that the GNU project talks about the Apache v2 license in positive terms: http://www.gnu.org/licenses/license-list.html When dealing with the GPLv3, yes. However, it clearly notes the incompatibi

Re: [openssl-dev] We're working on license changes

>Is there a possibility of releasing it under more than one license? Highly doubtful, at least not at first. > Otherwise, I honestly don't really see the point of relicensing OpenSSL as > moving to apache v2 does not resolve the primary problem with the OpenSSL > license that currently exists.

Re: [openssl-dev] We're working on license changes

In message <313961D7FE900DC0D4BE4654@[192.168.1.9]> on Fri, 20 Nov 2015 12:37:13 -0800, Quanah Gibson-Mount said: quanah> --On Friday, November 20, 2015 7:34 PM + "Salz, Rich" quanah> -- wrote: quanah> quanah> > It's almost definitely going to be Apache v2. quanah> quanah> Is there a possi

Re: [openssl-dev] We're working on license changes

--On Friday, November 20, 2015 7:34 PM + "Salz, Rich" wrote: It's almost definitely going to be Apache v2. Is there a possibility of releasing it under more than one license? Otherwise, I honestly don't really see the point of relicensing OpenSSL as moving to apache v2 does not resolve

Re: [openssl-dev] We're working on license changes

It's almost definitely going to be Apache v2. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] We're working on license changes

--On Tuesday, August 04, 2015 3:35 PM -0700 Quanah Gibson-Mount wrote: Just curious -- Any update on this? Is OpenSSL going to use something GPLv2 compatible? etc. Thanks, Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. Zimbra :: the leader in open sour

Re: [openssl-dev] We're working on license changes

On Thu, 2015-08-06 at 02:36 +0100, Jonathan Larmour wrote: > A CLA is a way of getting the employee to consider and affirm that they do in > fact own the copyright to a contribution. Alternatively, the employer can do > the CLA. Many projects have started using 'Signed-off-by' to indicate this, ra

Re: [openssl-dev] We're working on license changes

On 04/08/15 15:54, Blumenthal, Uri - 0553 - MITLL wrote: >> On 04/08/15 00:37, Quanah Gibson-Mount wrote: >>> I also don't get why a CLA is required, overall. >> >> It's not something I'm thrilled about either. However we have been >> receiving legal advice. That advice tells us that we should be

Re: [openssl-dev] We're working on license changes

--On Tuesday, August 04, 2015 2:14 PM -0400 Brian Smith wrote: It is natural for a lawyer to tell you to require lots of things to protect whatever entity is paying them. That's defense-in-depth type advice from them. However, lawyers do cost-benefit analysis based on the goals you give them.

Re: [openssl-dev] We're working on license changes

> All contemporary references you see to the OpenSSL Software Foundation > are for the new non-profit Delaware entity. As Rich has noted we do need to > change mentions of the original entity, now confined to FIPS related > activities > only. I fixed the one I could find :) __

Re: [openssl-dev] We're working on license changes

On 08/04/2015 04:02 PM, Brian Smith wrote: > ... > > > The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is > incorporated in the United States as a regular for-profit corporation," > and the proposed CLA[2] is an agreement between the contributor and that > for-profit corporatio

Re: [openssl-dev] We're working on license changes

>Basically, I'm asking for more considerations to be added to the threat model: Intereseting, thanks. >The OpenSSL website says[1] "the OpenSSL Software Foundation (OSF) is >incorporated in the United States as a regular for-profit corporation," and >the proposed CLA[2] is an agreement between

Re: [openssl-dev] We're working on license changes

On Tue, Aug 4, 2015 at 2:47 PM, Salz, Rich wrote: > > It is natural for a lawyer to tell you to require lots of things to > protect whatever entity is paying them. > > Well, yeah, sure. But I would hope that the bono-fides of the SFLC and > Eben Moglen aren't being called into question. > Nope

Re: [openssl-dev] We're working on license changes

>  Who is "us"? The openssl dev team. > It is natural for a lawyer to tell you to require lots of things to protect > whatever entity is paying them. Well, yeah, sure. But I would hope that the bono-fides of the SFLC and Eben Moglen aren't being called into question. >For an example of this

Re: [openssl-dev] We're working on license changes

On 04/08/15 18:14, Brian Smith wrote: > Note that the proposed CLA is granting special privileges to a > particular **for-profit** US corporation. It isn't technically copyright > assignment, but is practically the same thing. If you read the agreement > carefully, it is asking every contributor

Re: [openssl-dev] We're working on license changes

On Tue, Aug 4, 2015 at 10:53 AM, Salz, Rich wrote: > > How about getting a second opinion? > > You want to hire us legal counsel who understands the issues? Great. Who is "us"? It is natural for a lawyer to tell you to require lots of things to protect whatever entity is paying them. That's

Re: [openssl-dev] We're working on license changes

To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're working on license changes > For my own use most any open source license works fine. We are hoping most people will feel that way. Thanks for your interest! ___ openssl-dev mailing lis

Re: [openssl-dev] We're working on license changes

> For my own use most any open source license works fine. We are hoping most people will feel that way. Thanks for your interest! ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] We're working on license changes

ent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Salz, Rich‎ Sent: Tuesday, August 4, 2015 10:54 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're working on license changes ‎ > How about getting a s

Re: [openssl-dev] We're working on license changes

> Also, did the advice you got explicitly state "'the' CLA as opposed to other > possible licenses such as MIT, BSD, LGPL, etc."?‎ Were any reasons provided > that you may be able to share? Nothing we wish to share at this point in time, no. ___ openssl

Re: [openssl-dev] We're working on license changes

erry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Blumenthal, Uri - 0553 - MITLL Sent: Tuesday, August 4, 2015 09:20 To: Matt Caswell; openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're working on license changes How

Re: [openssl-dev] We're working on license changes

> How about getting a second opinion? You want to hire us legal counsel who understands the issues? Great. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] We're working on license changes

How about getting a second opinion? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Matt Caswell Sent: Tuesday, August 4, 2015 03:56 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're worki

Re: [openssl-dev] We're working on license changes

On 04/08/15 00:37, Quanah Gibson-Mount wrote: > I also don't get why a CLA is required, overall. It's not something I'm thrilled about either. However we have been receiving legal advice. That advice tells us that we should be putting in place a CLA. Matt __

Re: [openssl-dev] We're working on license changes

On 31/07/15 19:19, Brian Smith wrote: > > Also, I question the need for people to sign a CLA to contribute to OpenSSL. > OpenSSL has been very successful for decades without a CLA requirement. Lots > of other projects are extremely successful without a CLA. A CLA seems > unnecessary. More import

Re: [openssl-dev] We're working on license changes

--On Tuesday, August 04, 2015 12:02 AM +0100 Matt Caswell wrote: On 03/08/15 22:51, Quanah Gibson-Mount wrote: It is curious as well that the openssl project did not solicit feedback from it's community before announcing said license change to see what the general consensus of the community

Re: [openssl-dev] We're working on license changes

On 03/08/15 22:51, Quanah Gibson-Mount wrote: > It is curious as well that the openssl project did not solicit feedback > from it's community before announcing said license change to see what > the general consensus of the community is on the best path forward, and > instead is moving towards a s

Re: [openssl-dev] We're working on license changes

--On Friday, July 31, 2015 3:19 PM -0400 Brian Smith wrote: On Fri, Jul 31, 2015 at 12:29 PM, Hanno Böck wrote: "Salz, Rich" wrote: In the spirit of making OpenSSL as useful as possible for everyone  I would consider a permissive license that's more compatible (e.g. MIT) a wiser cho

Re: [openssl-dev] We're working on license changes

On Fri, Jul 31, 2015 at 12:29 PM, Hanno Böck wrote: > "Salz, Rich" wrote: > > > Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some > > more details. > > > > Summary: Moving to Apache 2, CLA's coming, it will take time. > > This is a huge step if it works (I leave it up to the

Re: [openssl-dev] We're working on license changes

+1 Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Hanno Böck Sent: Friday, July 31, 2015 12:55 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're working on license changes Hi, On Fri, 3

Re: [openssl-dev] We're working on license changes

Hi, On Fri, 31 Jul 2015 14:37:30 + "Salz, Rich" wrote: > Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some > more details. > > Summary: Moving to Apache 2, CLA's coming, it will take time. This is a huge step if it works (I leave it up to the lawyers to decide if it wi

[openssl-dev] We're working on license changes

Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some more details. Summary: Moving to Apache 2, CLA's coming, it will take time. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz ___ openssl-dev mailin