Apache Software Foundation releases 2017 annual report

On June 29, 2017, the Apache Software Foundation announced the release of its annual report for its 2017 fiscal year. The report covers ASF’s operational highlights for the year, including that there were 65+M lines of code committed during the year, dozens of Apache projects continue to dominate the enterprise big data ecosystem, 976 individual Contributor License Agreements and 42 corporate Contributor License Agreement were signed during the year, and the Apache license remains one of the most popular open source licenses.

Many other significant items are described in the report, which can be found here

OpenSSL re-licensing project

On March 16, 2017, the OpenSSL project announced that it is changing its license to Apache 2.0. The purpose of the re-licensing is to make OpenSSL “more convenient to incorporate in the widest possible range of free and open source software” according to Mishi Choudhary of the Software Freedom Law Center, counsel to OpenSSL. OpenSSL is already the most widely-used FOSS encryption software.

The re-licensing project requires contacting and obtaining the consent of everyone who has contributed to the project, approximately 400 people. This no doubt has been quite a chore. It is not clear what happens if everyone’s consent cannot be obtained. Probably the contributions of any non-approving or non-located contributors would have to be removed from OpenSSL. The OpenSSL project is taking the position that if a contributor who is contacted for approval simply does not respond, they assume that the contributor has no objection to the license change. Perhaps this issue could have been addressed in advance with the use of a contributor agreement. 

There has been concern that the original OpenSSL license, now more than 20 years old, has some conflicts with the GPL. This is because the original OpenSSL license contains notice requirements that might be deemed to conflict with GPL terms that prohibit license restrictions beyond those that are already contained in the GPL terms themselves. This is significant if an organization incorporates OpenSSL into software it is distributing under the GPL.

Using a standard and well-understood open source license like Apache 2.0 is beneficial when incorporating open source software into other FOSS projects. License compatibility is enhanced. This should be kept in mind when developers are deciding which FOSS license to use. Also, a contributor agreement can be beneficial in the event a license change is deemed necessary.