Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by martyb on Friday March 24 2017, @08:21PM   Printer-friendly
from the socket-to-me dept.

The OpenSSL project, home of the world’s most popular SSL/TLS and cryptographic toolkit, is changing its license to the Apache License v 2.0 (ASL v2). As part of this effort, the OpenSSL team launched a new website and has been working with various corporate collaborators to facilitate the re-licensing process.

“This re-licensing activity will make OpenSSL, already the world’s most widely-used FOSS encryption software, more convenient to incorporate in the widest possible range of free and open source software,” said Mishi Choudhary, Legal Director of Software Freedom Law Center (SFLC) and counsel to OpenSSL. “OpenSSL’s team has carefully prepared for this re-licensing, and their process will be an outstanding example of ‘how to do it right.’ SFLC is pleased to have been able to help the team bring this process to this point, and looks forward to its successful and timely completion.”

The website will aid the OpenSSL team’s efforts to contact everyone who has contributed to the project so far, which includes nearly 400 individuals with a total of more than 31,000 commits. The current license dates back to the 1990’s and is more than 20 years old. The open source community has grown and changed since then, and has mostly settled on a small number of standard licenses.

The full announcement is at https://www.openssl.org/blog/blog/2017/03/20/license/


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by ikanreed on Friday March 24 2017, @08:57PM (3 children)

    by ikanreed (3164) Subscriber Badge on Friday March 24 2017, @08:57PM (#483862) Journal

    What amount of code included in a commit could reasonably be considered non-creative and thus not subject to copyright?

    Has there ever been a legal test created for creative extent in software? Is that even the right phrasing?

    If not, can I go ahead and copyright "for(int i=0;icount;i++)" and "if(value!=null)"?

    • (Score: 0) by Anonymous Coward on Friday March 24 2017, @09:21PM

      by Anonymous Coward on Friday March 24 2017, @09:21PM (#483875)

      Non-creative is usually those that don't require any sort of human judgment because of the problem domain. So, things like short phrases, familiar symbols, or forced designs. This means that means that simple if statements or for loops are not copyrightable on their own. This could arguably extend to patches that only fix typos or converts whitespace (e.g. PEP8 or automatic linter failure). However, that doesn't mean that the same thing isn't copyrightable when a part of a greater work that does require creativity.

    • (Score: 2) by Bot on Friday March 24 2017, @11:02PM (1 child)

      by Bot (3902) on Friday March 24 2017, @11:02PM (#483907) Journal

      If it is not creative you can rewrite it.

      I despise copyright in general, but if the deal is: "I give you this code and you put this under this license", YOU DO NOT ALTER THE DEAL UNILATERALLY. It took time to give you the code, no matter the quality. Get it under the agreed upon terms or Write Your Own Damn Code.

      Corporations sitting on billions of dollars have to resort to stealing, I guess it is a matter of principle.

      --
      Account abandoned.
      • (Score: 3, Informative) by tekk on Saturday March 25 2017, @02:09PM

        by tekk (5704) Subscriber Badge on Saturday March 25 2017, @02:09PM (#484100)

        They actually aren't changing it unilaterally (yet)

        theo@ got a message from the openssl team asking for his permission to change the copyright. It remains to be seen what they're going to do about him saying no.

  • (Score: 4, Insightful) by GungnirSniper on Friday March 24 2017, @09:13PM (1 child)

    by GungnirSniper (1671) on Friday March 24 2017, @09:13PM (#483871) Journal

    As part of this effort, the OpenSSL team launched a new website.

    Please enable JavaScript to view the comments powered by Disqus. [disqus.com]

    Does not compute.

    • (Score: 3, Funny) by Bot on Friday March 24 2017, @11:04PM

      by Bot (3902) on Friday March 24 2017, @11:04PM (#483908) Journal

      Come on, cut them some slack. They code mere crypto stuff, while incorporating a FOSS comment system is HARD.

      --
      Account abandoned.
  • (Score: 1) by Scrutinizer on Friday March 24 2017, @10:26PM (3 children)

    by Scrutinizer (6534) on Friday March 24 2017, @10:26PM (#483896)

    OpenSSL - that's the security software which had some Heartbleed [xkcd.com] in it? The security software which silently let attackers read back the unencrypted contents of arbitrary server memory [wikipedia.org], which could and did include encryption keys?

    Hm. Wikipedia claims LibreSSL [libressl.org] is making use [wikipedia.org] of (among other things) the Apache 1.0 and BSD licenses, but I have so far been unable to find evidence of this by looking through the github repo [github.com] via the web...

    • (Score: 2) by Bot on Friday March 24 2017, @11:05PM

      by Bot (3902) on Friday March 24 2017, @11:05PM (#483909) Journal

      Hm try looking into void linux package. Since they use it as the main SSL offering I guess they took care in unearthing the license.

      --
      Account abandoned.
    • (Score: 4, Informative) by NCommander on Friday March 24 2017, @11:44PM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday March 24 2017, @11:44PM (#483921) Homepage Journal

      OpenSSL's licensing is always been kinda a mess. It's dual-licensed, SSLeay, and four-clause BSD with the adversing clause. While free software, that made it incompatible with GPL software by a strict reading of the later. This is why Debian requires a licensing exemption to ship anything against OpenSSL.

      --
      Still always moving
    • (Score: 0) by Anonymous Coward on Saturday March 25 2017, @05:31AM

      by Anonymous Coward on Saturday March 25 2017, @05:31AM (#484034)

      Yeah, it's the software that ignored the preamble to that bug in their bug tracker for a long, long time until it became a critical issue.

  • (Score: 4, Insightful) by FakeBeldin on Saturday March 25 2017, @06:38AM (1 child)

    by FakeBeldin (3360) on Saturday March 25 2017, @06:38AM (#484046) Journal

    This comment by NickHolland @ The Register bears repeating:

    no. The issue is not "the" license, nor the change of the license.

    The issue is the way the license is attempting be changed.

    One person can not say, "I want to change the license, and if you don't respond, I'll take it as approval".

    There are right ways and wrong ways to do this. Some years ago, the OpenBSD project wanted to clean up the licenses on the entire distribution, as there were lots of little things with sloppy (or no!) licenses. They worked to contact EACH author, and they either got clear permission to change or REMOVED THE CODE (sometimes replaced, sometimes not). While benefits of making the change were explained, the license is the choice of the original author, period. Lots of problems were found -- missing contact info, people who had died, people who didn't want to change...and all those situations were respected.

    Authors of code put their intended license on the code. If they change their mind, great. Others may attempt to persuade them to change, but the decision needs to remain with the author. If they wish to use the most gawd-awful license, THAT'S THEIR CHOICE.

    • (Score: 0) by Anonymous Coward on Saturday March 25 2017, @01:20PM

      by Anonymous Coward on Saturday March 25 2017, @01:20PM (#484086)
      That way lies a lawsuit if one isn’t careful.
(1)