On 30/09/2015 16:17, Steve Marquess wrote: > On 09/30/2015 09:58 AM, Jakob Bohm wrote: >> On 30/09/2015 15:34, Steve Marquess wrote: >>> On 09/30/2015 09:18 AM, Jakob Bohm wrote: >>>> ... >>>> >>>> Under the new "contribution agreement" scheme, publishing such items >>>> early would also make them available to users ... >>> Publishing by someone else is fine, go for it. It would be nice to have >>> someone else publish FIPS module code, or validation information of any >>> kind for that matter. I think the validation process would be a lot less >>> capricious with less of the secrecy that is the current norm. >> Point is that the contribution agreement contains a bug, whereby >> anything not published by the OpenSSL Foundation in the UK is not >> licensed to anyone. >> >> Having a publication procedure for things marked "This does NOT >> work in its current form, but we are giving you a license" works >> around that bug ... > Speaking just for myself, and not my fellow team mates, I see no upside > and a lot of downsides to our hosting of "does not work" code > contributions. Especially for FIPS specific code. The originators of > that code are free to give it to anyone else at any time; they don't > need us to do so. This is why I mentioned the historic contributions from Sun and Eay: They may be unable or unwilling to repeat the donation at a later date when it is actually needed. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150930/457484a8/attachment.html>
