OpenSSL wants to continue under Apache 2.0 license

The OpenSSL project wants to move from its own use license to the Apache 2.0 license. The switch requires the approval of everyone who has contributed to the OpenSSL code as an author.

According to the organization behind OpenSSL, the existing license is now more than 20 years old and creates cluttered or even unworkable situations when the open source software is used in, for example, commercial products, or when another developer wants to publish a modified version. That is why the board behind OpenSSL wants to switch to Apache 2.0, an open source license that is widely used, well known and should contribute to OpenSSL remaining the most widely used toolkit for SSL, TLS and cryptography in the future.

The OpenSSL Project needs the permission of everyone listed as an author for the switch. Because it’s open source software that anyone can work with, and because OpenSSL has grown in popularity since Heartbleed, nearly 400 authors are involved. The organization has contacted all email addresses on file with the request for approval for the switch from the current license, based on that of predecessor SSLeay, to Apache 2.0.

According to The Register, however, silence is consent and it is not about 400 authors but about a thousand. Theo de Raadt, founder of OpenBSD, founder of OpenSSL fork LibreSSL and co-developer of OpenSSL, disagrees with the OpenSSL governance approach. ‘I am concerned that the rights of the authors are being violated in this way. They have no choice but to transfer their work to this license, which is presumably chosen by big companies like The Linux Corporation, Intel and Oracle.”