On 09/30/2015 09:58 AM, Jakob Bohm wrote: > On 30/09/2015 15:34, Steve Marquess wrote: >> On 09/30/2015 09:18 AM, Jakob Bohm wrote: >>> ... >>> >>> Under the new "contribution agreement" scheme, publishing such items >>> early would also make them available to users ... >> Publishing by someone else is fine, go for it. It would be nice to have >> someone else publish FIPS module code, or validation information of any >> kind for that matter. I think the validation process would be a lot less >> capricious with less of the secrecy that is the current norm. > > Point is that the contribution agreement contains a bug, whereby > anything not published by the OpenSSL Foundation in the UK is not > licensed to anyone. > > Having a publication procedure for things marked "This does NOT > work in its current form, but we are giving you a license" works > around that bug ... Speaking just for myself, and not my fellow team mates, I see no upside and a lot of downsides to our hosting of "does not work" code contributions. Especially for FIPS specific code. The originators of that code are free to give it to anyone else at any time; they don't need us to do so. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
