Linux - NewsThis forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The following is a press release that we just released, with the cooperation and financial support of the Core Infrastructure Initiative and the Linux Foundation.
In the next few days we’ll start sending out email to all contributors asking them to approve the change. In the meantime, you can visit the licensing website and search for your name and request the email. If you have changed email addresses, or want to raise other issues about the license change, please email license@openssl.org. You can also post general issues to openssl-users@openssl.org.
Analysis The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it.
The software is licensed under the OpenSSL License, which includes its own terms and those dating back to the preceding SSLeay license.
Those driving the project announced plans to shift to a new license in 2015 and now the thousand or so people who have contributed code over the years have started receiving email messages asking them to grant permission to relicense their contributions under the Apache Software License, version 2.
Theo De Raadt, founder of OpenBSD, a contributor to OpenSSL, and creator of a LibreSSL – forked from OpenSSL in 2014 – expressed dissatisfaction with the relicensing campaign in a mailing list post, criticizing OpenSSL for failing to consult its community of authors.
"My worry is that the rights of the authors are being trampled upon, and they are only being given one choice of license which appears to be driven by a secret agreement between big corporations, Linux Foundation, lawyers, and such," he explained in an interview with The Register via phone and email.
...
De Raadt is less enthusiastic about the ASLv2, calling it more restrictive than SSLeay. LibreSSL, boringSSL, and Ring will never agree to go along, he insisted.
"That means the trees will fork and it becomes harder to observe the license terms and more software needs to be rewritten," he said, "That's a load of work on the developers who are just trying to make software better."
As of Thursday afternoon, Salz said 265 contributors have agreed to the change and 7 (described as mostly minor contributors) have refused. That means their contributions will have to be rewritten.
As for the other 870 email solicitations sent out, about half have bounced, showing that the open source community has its own version of the orphan works problem.
Eric A. Young, one of the original creators of the software (along with Tim J. Hudson) and the "eay" in the license name SSLeay, is unable to change his license as a result of contractual terms arising from his decision to join RSA.
I've got the popcorn ready. I'm going to guess that "If we do not hear from you, we will assume that you have no objection" isn't the typical, or proper, way to handle a license change.
On the software + political front, I don't know what to make of it. What are the big name projects just dying to use OpenSSL that can't because of the license? That Oracle and Intel are cheer-leading doesn't put one at ease, either.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.