Re: regarding OpenSSL License change
On Thu, Mar 23, 2017 at 10:18:26AM -0600, Theo de Raadt wrote: > Lots of people have been receiving emails like the one below. [...] > Date: Wed, 22 Mar 2017 16:48:10 -0400 > From: lice...@openssl.org > To: dera...@cvs.openbsd.org > Subject: OpenSSL License change > Message-ID: <20170322204810.ra49wtmwn%lice...@openssl.org> > User-Agent: s-nail v14.8.6 > Status: O > > Hello! > > This mail is coming from the OpenSSL development team. > > This is a pre-release email before we "go public." In particular, > the most recent blog entry, listed below, is not yet available. But we > thought, as an important downstream fork, that we'd give you the courtesy > of participating early. > > We are working to change the license for OpenSSL. We want to move from > the current license (which is custom-written and has some uncommon > requirements on end-users), to the widely-accepted and common > Apache License (version 2). You can find some explanation in > our blog entries: Thinking some more about it, the step from "custom written licence, weird wording" into "Apache 2, wide-spread and acceptable" is very hypocritical. If I understand things correctly, it's mainly a specific choice from one guy, and I believe it should be scrutinized more: why choose the Apache License v2, which is very controversial, instead of a more widely accepted license, such as the 2 clause BSD / ISC license ? I would very much like to know if this is a misguided clueless attempt to simplify things (we're talking about openssl, so this wouldn't be too far-fetched), or whether there's an actual further agenda pushed by some organisation with deep pockets which is ready to "sponsor" some openssl developers if they manage to get things moving in the right direction. -- Marc
Re: regarding OpenSSL License change
On Sun, Mar 26, 2017 at 08:49:39PM -0500, Jimmy Hess wrote: > > > From: "Constantine A. Murenin" > > > If we do not hear from you, we will assume that you have no objection. > > Is this for real?! > > Who do they think they are? ... > >People should not bother to respond to such nonsense, and then sue > > OpenSSL for obvious copyright infringement > > I think "Don't bother to respond, and plan to sue" would be a poor > response, that would just hurt everyone involved.Of course > silence does not generally grant permission. But the people in > that project might be able to convincingly deliver some kind of > argument that they've had implicit or "understood" permissions made > at time of submission to use contributions however the project > collectively agrees to use them. Bullshit. The FSF, who understands this kind of stuff, was very careful about that with their paperwork. All other organisations that ever wanted to change licences or audit their trees had to spend quite a lot of time contacting authors and fixing things. Basically, the only thing you can do when an author doesn't agree is rewrite stuff from scratch. The OpenSSL authors don't have a magic wand that allows them to do whatever they please. For that matter, if they DID have a magic wand, a much better use of it would be to zap away all the bugs in their code. > Also, there is no work-around for a contributor denying. They might > have the idea of simply Removing and Replacing a contribution (Even > if you can accurately identify and rewrite specific lines of code from > a certain author) does not necessarily make the distribution > Non-infringing, As later code is likely to have built on top of > earlier code. Rewrite from scratch. The importance of code lines is generally greatly exaggerated. Non regression tests are generally way more precious than actual code.
Re: regarding OpenSSL License change
>>> Jimmy Hess 27-Mar-17 02:49 >>> : > silence does not generally grant permission. Since never grants permission. > But the people in that project might be able to convincingly deliver some > kind of argument that they've had implicit or "understood" permissions > made at time of submission to use contributions however the project > collectively agrees to use them. Absolutely not. When I contribute to an open source project, I do so under the terms of the licences in the files I work on _at that time_. If I completely rewrite or add new files, I put those files under the standard licence used by the project, and that code is then licenced in that (possibly different) way. And the specific licence is important to me. It is a significant factor in the choice of which project to work on (which is why I choose to hack on OpenBSD rather than, say, Linux). The terms under which I contribute are those licences - there is no other implied permission. If anyone wants to change the licence used by code I have contributed, they need my approval. And if they want me to be accommodating, there had better be a public discussion about alternative licences first. Tom
Re: regarding OpenSSL License change
> > From: "Constantine A. Murenin" > > If we do not hear from you, we will assume that you have no objection. > Is this for real?! > Who do they think they are? ... >People should not bother to respond to such nonsense, and then sue > OpenSSL for obvious copyright infringement I think "Don't bother to respond, and plan to sue" would be a poor response, that would just hurt everyone involved.Of course silence does not generally grant permission. But the people in that project might be able to convincingly deliver some kind of argument that they've had implicit or "understood" permissions made at time of submission to use contributions however the project collectively agrees to use them. I think it would be most helpful if say Three or Four significant contributors would either Object / Say No on the basis of disapproving of the "Change procedure" Or get their lawyers to draft a Cease & Decist, On behalf of both themself and their co-authors, based on the implied intent to infringe. And also, Go remind those folksthat distributed Binaries based on OpenSSL tree will be infringing with a changed license document if Even 1 Contributor has not agreed to the re-license. Also, there is no work-around for a contributor denying. They might have the idea of simply Removing and Replacing a contribution (Even if you can accurately identify and rewrite specific lines of code from a certain author) does not necessarily make the distribution Non-infringing, As later code is likely to have built on top of earlier code. A suggested concept would be contributors Replying to the inquiry with something firmly saying No, and reminding them that Derivative works include non-literal copying. EG [EXAMPLE ] language: "I do not approve of the manner in which this license change is being negotiated; All my co-authors/co-contributors to this code base must explicitly agree to the change in principle for me to consider granting permission. I Do Not consent at this time to any license change regarding any part of any of my submitted or committed code, Nor any modified version or derivative work of my contribution(s) created by non-literal copying of my work deviating from the terms of the the OpenSSL+SSLeay license documents found in the source tree at the time that my contribution was made. If a license statement was not included with any work I submitted, then my default terms are: Copyright, All Rights Reserved. I hereby pre-emptively remind you that: Derivative work includes all code added to the project, even by other developers that followed my contributions in time which extended any functionality on top of OpenSSL based on changing or extending my earlier work, or related to my code in any way, Including design style, naming conventions, usage of headers and function prototypes, variable names, and miscellaneous aesthetic qualities of my contributions. Please recall the following text from the SSLeay license terms which applies to my contributions and all OpenSSL project code based on SSLeay: * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] " -- -JH
Re: regarding OpenSSL License change
"Michael W. Lucas" wrote: |On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote: |> It's about "You cannot change the licence without consent of the \ |> author" and |> "We just assume that you say yes to this because we dont care about your |> rights", which is morally and legally wrong. | |It's very simple. Four words. | |"Silence is not consent." | |Not in contracts. Not in sex. And not in licensing. You can say this word. This is funny now, .. that you say this. No no, no. I fail to respond to that that is to say. --steffen
Re: regarding OpenSSL License change
Sebastian Benoit wrote: |Steffen Nurpmeso(stef...@sdaoden.eu) on 2017.03.24 14:03:45 +0100: |> Bob Beck wrote: ... |> According to [1] the chosen license is however the "best" academic |> license, and the only one which allows patent protection. Best in |> sofar as all tested items are green. The Mozilla license was |> surely not possible? |> |> [1] http://www.osscc.net/en/licenses.html#compatibility ... |>|thats really not cool |> |> As far as i understand it, using the Apache license gives more |> protection to end users than the current license does, at least if |> patents get involved. |> |> .. |>|> Apparently lawyers are being paid to help them push this through. Is |>|> that being paid for by donations people gave after Heartbleed? Is |>|> this why people donated? |> |> The license is even better for end-users as the current license? | |But it's not about "this licence is better than that licence". Of course it is, even not being personally involved looking at the file headers it would be a wonderful cleanup if this jungle could be replaced with a single copyright header. |The code has a licence and they dont respect that. |It's about "You cannot change the licence without consent of the author" \ Like it is stated in the file header. |and |"We just assume that you say yes to this because we dont care about your |rights", which is morally and legally wrong. That is, the way you say it, absurd. Morally wrong is, with 58 percent loss of life since 1971, to fly 4 kilometres for three days of hacking or a week of holiday including soiling of historic sites and stealing towels and anything else which fits into the suitcase from the hotel. Buying a new car or a new phone so-and-so often, because of the same reason. Or eating meat more than once a week, or at all in fast food restaurants, at least if you live in Germany, like you do?, because this is why the rainforests die, and the animals live under terrible conditions, without sun light, without any space for living, and without that word that cannot be used on an american list, but anyway cows will never feel the ton of a hot steaming bull body but instead the plastic glove of a Volkswagen driver, up to the shoulder. But even if you don't care about the animals, it is still morally wrong because we first world people no longer eat ears, heads, feets, and all that is shipped for a ridiculous amount of money to Africa, were thousand year old traditions die since decades due to that, because Farmers cannot afford this price, and if they do they soil the acres, and if they don't they leave their land and go to the cities, where they need more water than the land can offer, and so you loose-loose and the deserts grow further, and this goes on since decades. And not talking at all about the growing resistance of bacteria for antibiotics, also since decades. Or having never cared for details but going on like a zombie and voting the next demagogue that comes along and promises whatever. Or, worse, even doing this on purpose because the human heart never gets enough. So this and much more is morally wrong, but asking all contributors for a license change, a free license that seems to be the "best license" for freedom, as has been verified, for the massively and growing more massively still material world, where some money-backed lawyers could enforce a shutdown of services if some patent would be violated, for example, the word "morally wrong" should be carefully chosen in my opinion. I also sometimes have the impression that OpenSSL has become a heavy truck that blindly rolls over the little flowers, though. On the other hand i have received even two messages for different addresses for contributions so marginal that it is almost laughable that someone asks me at all. The thing is, if i, with these contributions, would really be allowed to veto the entire switchover, then the world will stand still, because there are, in fact, many little pissers all around us. And this as an European. I for one think like this, but of course other contributions are of much more value than mine, and if there would be a "no" from such a contributor, things may or even will be different. --steffen
Re: regarding OpenSSL License change
On Fri, Mar 24, 2017 at 11:55:10AM -0400, Michael W. Lucas wrote: > On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote: > > It's about "You cannot change the licence without consent of the author" and > > "We just assume that you say yes to this because we dont care about your > > rights", which is morally and legally wrong. > > > It's very simple. Four words. > > "Silence is not consent." > > Not in contracts. Not in sex. And not in licensing. > This is the clearest description of the situation. Sadly, "clear" is something the OpenSSL folks are unfamiliar with... -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: regarding OpenSSL License change
On Fri, Mar 24, 2017 at 02:37:58PM +0100, Sebastian Benoit wrote: > It's about "You cannot change the licence without consent of the author" and > "We just assume that you say yes to this because we dont care about your > rights", which is morally and legally wrong. It's very simple. Four words. "Silence is not consent." Not in contracts. Not in sex. And not in licensing. ==ml -- Michael W. LucasTwitter @mwlauthor nonfiction: https://www.michaelwlucas.com/ fiction: https://www.michaelwarrenlucas.com/ blog: http://blather.michaelwlucas.com/
Re: regarding OpenSSL License change
Steffen Nurpmeso(stef...@sdaoden.eu) on 2017.03.24 14:03:45 +0100: > Bob Beck wrote: > ... > > Disclaimer: i have read about licenses many years ago (likely over > a decade, i stopped reading the german computer magazine c't > somewhen in 2005). I like and use the ISC license that your > project has chosen and fosters whenever i can. > > According to [1] the chosen license is however the "best" academic > license, and the only one which allows patent protection. Best in > sofar as all tested items are green. The Mozilla license was > surely not possible? > > [1] http://www.osscc.net/en/licenses.html#compatibility > > Interesting to me is that this is the third time this year that > this topic comes up, in January i had a private communication with > J??rg Schilling (who provided this link, again), i think a month > ago there was a thread on the Austrian Linux User list, and now we > have this one. > > ... > |thats really not cool > > As far as i understand it, using the Apache license gives more > protection to end users than the current license does, at least if > patents get involved. > > .. > |> Apparently lawyers are being paid to help them push this through. Is > |> that being paid for by donations people gave after Heartbleed? Is > |> this why people donated? > > The license is even better for end-users as the current license? But it's not about "this licence is better than that licence". The code has a licence and they dont respect that. It's about "You cannot change the licence without consent of the author" and "We just assume that you say yes to this because we dont care about your rights", which is morally and legally wrong. /B
Re: regarding OpenSSL License change
Bob Beck wrote: ... Disclaimer: i have read about licenses many years ago (likely over a decade, i stopped reading the german computer magazine c't somewhen in 2005). I like and use the ISC license that your project has chosen and fosters whenever i can. According to [1] the chosen license is however the "best" academic license, and the only one which allows patent protection. Best in sofar as all tested items are green. The Mozilla license was surely not possible? [1] http://www.osscc.net/en/licenses.html#compatibility Interesting to me is that this is the third time this year that this topic comes up, in January i had a private communication with Jörg Schilling (who provided this link, again), i think a month ago there was a thread on the Austrian Linux User list, and now we have this one. ... |thats really not cool As far as i understand it, using the Apache license gives more protection to end users than the current license does, at least if patents get involved. .. |> Apparently lawyers are being paid to help them push this through. Is |> that being paid for by donations people gave after Heartbleed? Is |> this why people donated? The license is even better for end-users as the current license? --steffen
Re: regarding OpenSSL License change
> Date: Wed, 22 Mar 2017 16:48:10 -0400 > From: lice...@openssl.org > To: dera...@cvs.openbsd.org > Subject: OpenSSL License change [...] > We are asking for your permission to change the licence for your > contribution. Please visit this link to respond; you will have a chance [...] > If we do not hear from you, we will assume that you have no objection. Is this for real?! Who do they think they are? Entirely absurd. People should not bother to respond to such nonsense, and then sue OpenSSL for obvious copyright infringement, and move for a summary judgement without a trial. C.
Re: regarding OpenSSL License change
> On 24 Mar 2017, at 3:51 AM, Theo de Raadt wrote: > > it is great that someone found a way to convert between licenses. > > AGPL -> GPL -> ISC -> PD pfSense went through with this, being a 2-Clause BSD fork of m0n0wall, going through a 6-Clause ESF and CLA (all your rights are belong to us) transition cycle in 2014 and then finally circling back to Apache 2.0 in 2016 after having failed to suppress forks thereof in light of OPNsense and the continuation of 2-Clause BSD in 2015. I talked to the principal author of m0n0wall who answered along the lines of: I wasn't asked about this. It would be impossible to ask all previous contributors to relicense anyway, but I am no lawyer. The end result: Several previous contributor copyrights as well as BSD terms of conditions stripped from the source code, copyrights for own legal entity asserted for a blank 2004 - 2016 where it seemed fancy. The official answer is: we own all the code so shut up. ;) Nobody indeed cares, except when a 2-Clause BSD fork of pfSense exists to keep the ball rolling after the 2014 license uncertainty debacle it gets probed by lawyers on grounds of suspicious copyright violations allegedly requested by a larger project entity in the BSD scope (note that pfSense does not have the pull to do this by itself, but a friendly entity might). The president of the organisation leading the legal probe later personally apologises to OPNsense for the behaviour and encourages us to continue our open source work. The original report's results are buried by the BSD entity who allegedly requested it, because no dirt could be found to throw at the fork. OPNsense was also never contacted by that entity that it had doubts about the proven-to-be unfounded handling of copyrights. So you can: relicense whatever you want and actively hinder the prosperity of your forks and/or competition and get away with it instead of just working on code and project quality for the benefit of the community at large. Gleefully, Franco
Re: regarding OpenSSL License change
On Thu, 23 Mar 2017 20:51:06 -0600 "Theo de Raadt" wrote: > Dude, you are being melodramatic > > it is great that someone found a way to convert between licenses. > > AGPL -> GPL -> ISC -> PD > > thumbs up to the people who found a shortcut > Now this is genius.
Re: regarding OpenSSL License change
> > If we do not hear from you, we will assume that you have no objection. > > So, they will claim that, by not responding, the recipient agreed. > > Some jurisdictions I am aware of accept verbal contracts or this kind > of written contracts, since civil proceedings will not be held up to a > high standard of proof. Even then, there must have been evidence of a > contractual agreement, ie. no response = no agreement. > > I say the lawyers are now working to prove that no response means the > potential recipient agreed. > > If this email has been caught by enough spam filters, they will claim > the majority agreed. > Dude, you are being melodramatic it is great that someone found a way to convert between licenses. AGPL -> GPL -> ISC -> PD thumbs up to the people who found a shortcut
Re: regarding OpenSSL License change
> So did anyone who replied with "NO" get a followup to "reconsider"? So far, everyone who says no is getting a mail from Rich Salz.
Re: regarding OpenSSL License change
So did anyone who replied with "NO" get a followup to "reconsider"? I only "contributed" some doc fixes, so my "vote" doesn't really mean much.
Re: regarding OpenSSL License change
... > If we do not hear from you, we will assume that you have no objection. So, they will claim that, by not responding, the recipient agreed. Some jurisdictions I am aware of accept verbal contracts or this kind of written contracts, since civil proceedings will not be held up to a high standard of proof. Even then, there must have been evidence of a contractual agreement, ie. no response = no agreement. I say the lawyers are now working to prove that no response means the potential recipient agreed. If this email has been caught by enough spam filters, they will claim the majority agreed.
Re: regarding OpenSSL License change
On Thu, Mar 23, 2017 at 17:48 Bob Beck wrote: > Honestly, anyone who gets one of these should say no > > what would you all think if people quietly took derived works of software > licensed under one license and took silence as assent to relicense > > Does this mean that with an unanswered email i can now release my re > licensed as ISC version of gcc? or the linux kernel? > > This sort of action just means that any software you write can be > plagiarized against your will if you did not find out about it in time. > > thats really not cool > > If you write software this is not a world you want to live in. Even if > it does mean a anyone who can fork a github repo could get rid of the GPL > after a period of non response from an author (dont go on vacation). As > much as I might not agree with the GPL personally, I respect someones right > to release thier work under a license and have it respected. without having > to constantly answer emails and click web links telling people no > > > > On Thu, Mar 23, 2017 at 10:58 Theo de Raadt wrote: > > > > The start suggests they want to privately collect sufficient consensus > > > to pass their agenda. They appear to be considering all actions in > > > the tree (including mine) on equal grounds. > > > > I already sent them a clear "NO, i explicitly object to relicensing > > any of my contributions." > > > > If any of you care about the possibility of merging future OpenSSL > > improvements to LibreSSL and OpenBSD, i suggest you do the same. > > > > Similarly, if any of you dislike publishing their own code under Apache > 2. > > There has been no discussion amongst the greater community of > developers as to which license to take. Apache 2 has come as an edict > from Rich Salz. > > There has also been no statement from the original authorship that this > is the way to go. > > I suspect there is a lack of approval from some, and manufacturing > consent in volume is the approach being taken. > > > Apparently lawyers are being paid to help them push this through. Is > that being paid for by donations people gave after Heartbleed? Is > this why people donated? > >
Re: regarding OpenSSL License change
Honestly, anyone who gets one of these should say no what would you all think if people quietly took derived works of software licensed under one license and took silence as assent to relicense Does this mean that with an unanswered email i can now release my re licensed as ISC version of gcc? or the linux kernel? This sort of action just means that any software you write can be plagiarized against your will if you did not find out about it in time. thats really not cool If you write software this is not a world you want to live in. Even if it does mean a anyone who can fork a github repo could get rid of the GPL after a period of non response from an author (dont go on vacation). As much as I might not agree with the GPL personally, I respect someones right to release thier work under a license and have it respected. without having to constantly answer emails and click web links telling people no On Thu, Mar 23, 2017 at 10:58 Theo de Raadt wrote: > > > The start suggests they want to privately collect sufficient consensus > > > to pass their agenda. They appear to be considering all actions in > > > the tree (including mine) on equal grounds. > > > > I already sent them a clear "NO, i explicitly object to relicensing > > any of my contributions." > > > > If any of you care about the possibility of merging future OpenSSL > > improvements to LibreSSL and OpenBSD, i suggest you do the same. > > > > Similarly, if any of you dislike publishing their own code under Apache > 2. > > There has been no discussion amongst the greater community of > developers as to which license to take. Apache 2 has come as an edict > from Rich Salz. > > There has also been no statement from the original authorship that this > is the way to go. > > I suspect there is a lack of approval from some, and manufacturing > consent in volume is the approach being taken. > > > Apparently lawyers are being paid to help them push this through. Is > that being paid for by donations people gave after Heartbleed? Is > this why people donated? > >
Re: regarding OpenSSL License change
> > The start suggests they want to privately collect sufficient consensus > > to pass their agenda. They appear to be considering all actions in > > the tree (including mine) on equal grounds. > > I already sent them a clear "NO, i explicitly object to relicensing > any of my contributions." > > If any of you care about the possibility of merging future OpenSSL > improvements to LibreSSL and OpenBSD, i suggest you do the same. > > Similarly, if any of you dislike publishing their own code under Apache 2. There has been no discussion amongst the greater community of developers as to which license to take. Apache 2 has come as an edict from Rich Salz. There has also been no statement from the original authorship that this is the way to go. I suspect there is a lack of approval from some, and manufacturing consent in volume is the approach being taken. Apparently lawyers are being paid to help them push this through. Is that being paid for by donations people gave after Heartbleed? Is this why people donated?
Re: regarding OpenSSL License change
> > The last sentence suggests they don't care at all about the rights of > > the authors. > > I also sent them a separate mail stating that i strongly suspect > that last sentence to be grossly illegal in almost any jurisdiction. Of course: Lack of consent is not equal to consent.
Re: regarding OpenSSL License change
Hi Theo, Theo de Raadt wrote on Thu, Mar 23, 2017 at 10:18:26AM -0600: > Lots of people have been receiving emails like the one below. > > They have never asked the community of authors what they want. > > I think OpenSSL are using a github "garbage-in / garbage-out" style of > process. Feel free to dig into what they think I am author of, and > why. > > We wrote some tools to look through every version of our files, and > our scripts found your email address. You can see what we found: > > https://license.openssl.org/cgi-bin/lookup.py?uid=619 ROFL... :-D Maybe they should just revert https://github.com/openssl/openssl/commit/58964a492275ca9a59a0cd9c8155cb2491b4b909 and be done with it. :-D > The start suggests they want to privately collect sufficient consensus > to pass their agenda. They appear to be considering all actions in > the tree (including mine) on equal grounds. I already sent them a clear "NO, i explicitly object to relicensing any of my contributions." If any of you care about the possibility of merging future OpenSSL improvements to LibreSSL and OpenBSD, i suggest you do the same. Similarly, if any of you dislike publishing their own code under Apache 2. > The last sentence suggests they don't care at all about the rights of > the authors. I also sent them a separate mail stating that i strongly suspect that last sentence to be grossly illegal in almost any jurisdiction. Yours, Ingo
regarding OpenSSL License change
Lots of people have been receiving emails like the one below. They have never asked the community of authors what they want. I think OpenSSL are using a github "garbage-in / garbage-out" style of process. Feel free to dig into what they think I am author of, and why. The start suggests they want to privately collect sufficient consensus to pass their agenda. They appear to be considering all actions in the tree (including mine) on equal grounds. The last sentence suggests they don't care at all about the rights of the authors. Date: Wed, 22 Mar 2017 16:48:10 -0400 From: lice...@openssl.org To: dera...@cvs.openbsd.org Subject: OpenSSL License change Message-ID: <20170322204810.ra49wtmwn%lice...@openssl.org> User-Agent: s-nail v14.8.6 Status: O Hello! This mail is coming from the OpenSSL development team. This is a pre-release email before we "go public." In particular, the most recent blog entry, listed below, is not yet available. But we thought, as an important downstream fork, that we'd give you the courtesy of participating early. We are working to change the license for OpenSSL. We want to move from the current license (which is custom-written and has some uncommon requirements on end-users), to the widely-accepted and common Apache License (version 2). You can find some explanation in our blog entries: https://www.openssl.org/blog/blog/2017/03/20/license/ https://www.openssl.org/blog/blog/2015/08/01/cla/ We wrote some tools to look through every version of our files, and our scripts found your email address. You can see what we found: https://license.openssl.org/cgi-bin/lookup.py?uid=619 We are asking for your permission to change the licence for your contribution. Please visit this link to respond; you will have a chance to accept or decline, and enter a brief comment (you can use the comment to give the names of other people we should contact, for example): https://license.openssl.org/cgi-bin/reply.py?uid=619&p=pCUKaKssFLWJztCE8FHe If you have any questions or concerns, send email to lice...@openssl.org; please be patient for a response. You can also post to the public mailing list, openssl-...@openssl.org; details about that list can be found at this site: https://mta.openssl.org/mailman/listinfo/openssl-dev If we do not hear from you, we will assume that you have no objection. Thank you! -The OpenSSL Development Team