Home Open Source OpenSSL licence change move riles some contributors

OpenSSL licence change move riles some contributors

The OpenSSL project is seeking to go ahead with a change of licence to the Apache Licence Version 2.0 but the way it is doing so appears to have riled up some contributors.

The change of licence was first suggested in 2015, a year after the Heartbleed vulnerability made people aware of the extent of use of OpenSSL.

The original OpenSSL licence is described by the project itself, as "rather unique and idiosyncratic".

At the time of Heartbleed, it became known that just four developers made up the core OpenSSL team.

After that, a number of companies made a contribution of US$3.9 million to the Linux Foundation, some part of which was used for developing OpenSSL.

The main reason for changing the licence is to avoid patent issues.

But when the project sent out emails recently to as many contributors as it could, it also made it a condition that if they did not write back, then it would be taken for granted that they did not object to the change.

The email said, in part: "We are asking for your permission to change the licence for your contribution. Please visit this link to respond; you will have a chance to accept or decline, and enter a brief comment (you can use the comment to give the names of other people we should contact, for example).

"If we do not hear from you, we will assume that you have no objection."

There are nearly 400 individuals who have contributed code to OpenSSL with a total of more than 31,000 commits. The current licence dates back to the 1990s and is more than 20 years old.

If any contributors refuse to accept the licence change, then their contributions will have to be rewritten. There are multiple email addresses for several contributors, showing how difficult it will be for the project to ensure that everyone knows about the proposal.

But OpenSSL has never had a contributor's agreement so far, something it seeks to rectify by creating agreements both for individuals and corporate contributions.

One of those opposed to the licence change is Theo de Raadt, head of the OpenBSD project, who forked the OpenSSL code soon after the Heartbleed incident and created a version called LibreSSL.

De Raadt poked fun at the move to relicense OpenSSL, posting a message where he said he was planning to change the licensing of the Gnu C compiler from GPL to ISC.

In an email, de Raadt said: "Lots of people have been receiving emails like the one below (referring to the email sent to OpenSSL contributors by the project).

"They have never asked the community of authors what they want. I think OpenSSL are using a github 'garbage-in/garbage-out' style of process. Feel free to dig into what they think I am author of, and why.

"The start suggests they want to privately collect sufficient consensus to pass their agenda. They appear to be considering all actions in the tree (including mine) on equal grounds.

"The last sentence suggests they don't care at all about the rights of the authors."


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.