1. 16

  2. 7

    If we do not hear from you, we will assume that you have no objection.

    Is this for real? What are they, Google?

    How about this:

    • dear OpenSSL core, I feel like a public domain licence is more appropriate for OpenSSL, given the nature of the code that you’ve written, and the impact it has on WWW; if we don’t hear from you, we’ll assume you have no objection to a relicense as such.
    1. 1

      What are they, Google?

      Did Google do anything like this?

      1. 1

        Well, it depends on your interpretation, but most of their Terms Of Service include some content license from the user to Google (the services are supposed to distribute user submitted content, after all — just as the current OpenSSL core team is expected to maintain and distribute the code evolving from the original code), and their ToS changes sometimes change the wording. The user not deleting the account is considered enough consent. And it’s not like Google emails a highlighted diff to every user.

    2. 1

      I didn’t realise this, but the Apache version 2 and GPLv2 licenses are incompatible (Apache version 2 and GPLv3 are compatible, however). The Apache Software Foundation also has a bit to say about it.

      Ignoring everything else, I wonder why Apache was chosen as the new license? I’m guessing because of the patent clauses? It’s a bit annoying that the incompatibility between the current (soon to be old, I guess) OpenSSL license and GPLv2 licensed code isn’t being resolved by the license change.

      BTW, the link in Theo’s mail allows one to actually submit his response (I’m surprised he didn’t redact it, lest it be abused…).

      1. 3

        As far as I can tell APLv2 ends up being preferred whenever US lawyers are consulted due to fear of patent litigation. In other jurisdictions the good old BSD licence seems to work just fine for the same purposes.