Home Open Source OpenSSL licence change move riles some contributors

OpenSSL licence change move riles some contributors

The OpenSSL project is seeking to go ahead with a change of licence to the Apache Licence Version 2.0 but the way it is doing so appears to have riled up some contributors.

The change of licence was first suggested in 2015, a year after the Heartbleed vulnerability made people aware of the extent of use of OpenSSL.

The original OpenSSL licence is described by the project itself, as "rather unique and idiosyncratic".

At the time of Heartbleed, it became known that just four developers made up the core OpenSSL team.

After that, a number of companies made a contribution of US$3.9 million to the Linux Foundation, some part of which was used for developing OpenSSL.

The main reason for changing the licence is to avoid patent issues.

But when the project sent out emails recently to as many contributors as it could, it also made it a condition that if they did not write back, then it would be taken for granted that they did not object to the change.

The email said, in part: "We are asking for your permission to change the licence for your contribution. Please visit this link to respond; you will have a chance to accept or decline, and enter a brief comment (you can use the comment to give the names of other people we should contact, for example).

"If we do not hear from you, we will assume that you have no objection."

There are nearly 400 individuals who have contributed code to OpenSSL with a total of more than 31,000 commits. The current licence dates back to the 1990s and is more than 20 years old.

If any contributors refuse to accept the licence change, then their contributions will have to be rewritten. There are multiple email addresses for several contributors, showing how difficult it will be for the project to ensure that everyone knows about the proposal.

But OpenSSL has never had a contributor's agreement so far, something it seeks to rectify by creating agreements both for individuals and corporate contributions.

One of those opposed to the licence change is Theo de Raadt, head of the OpenBSD project, who forked the OpenSSL code soon after the Heartbleed incident and created a version called LibreSSL.

De Raadt poked fun at the move to relicense OpenSSL, posting a message where he said he was planning to change the licensing of the Gnu C compiler from GPL to ISC.

In an email, de Raadt said: "Lots of people have been receiving emails like the one below (referring to the email sent to OpenSSL contributors by the project).

"They have never asked the community of authors what they want. I think OpenSSL are using a github 'garbage-in/garbage-out' style of process. Feel free to dig into what they think I am author of, and why.

"The start suggests they want to privately collect sufficient consensus to pass their agenda. They appear to be considering all actions in the tree (including mine) on equal grounds.

"The last sentence suggests they don't care at all about the rights of the authors."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News