[OWASP-FILTERS] Re: license for filters?

Christopher Todd chris at christophertodd.com
Thu Oct 31 01:20:09 EST 2002

Wow, I'm impressed with you guys!  Most discussions of the GPL vs. other OSS
licenses usually degrade into religious flame wars where every other email
begins "I am not a lawyer, but..."  :-)

You've pretty much summed up the relevant issues, so I'll just put in my
preference, which is for as liberal a license as possible for the Filters
library.  If we were going to vote, I'd have to say +1 to anything liberal
like the Apache/BSD, 0 on the LGPL, and -1 on the GPL.

If you GPL (or perhaps even LGPL) the Filters library, the only people who
will use it are OSS developers; businesses will not touch it because the GPL
scares the crap out of lawyers.  That really doesn't meet the goals of the
Filters project, or of OWASP in general, which is (as I understood it) to
help web application developers write more secure web applications.  Given
that the vast majority of web applications that really *need* good security
are ones written to support commerce (and thus, are almost always
closed-source), it seems to me that GPLing the Filters project would
seriously degrade its usefullness to the community.


> -----Original Message-----
> From: owasp-filters-admin at lists.sourceforge.net
> [mailto:owasp-filters-admin at lists.sourceforge.net]On Behalf Of Alex
> Russell
> Sent: Thursday, October 31, 2002 2:05 AM
> To: ingo at ingostruck.de; mark at curphey.com
> Cc: owasp-filters at lists.sourceforge.net
> Subject: Re: [OWASP-FILTERS] Re: license for filters?
> On Wednesday 30 October 2002 17:15, Ingo Struck wrote:
> > My (personal) intention is definitely *not* to raise "everyone's boat",
> > since I do not feel obliged to support people who potentially work
> > against one of my main goals (propagation of *open* source software).
> I've discussed with Mark the possiblity of a dual-licensing
> arrangement for
> the filters. I'd also preferr a full-on GPL version, but in order to gain
> wide acceptance, I think we also need to allow more restrictive
> uses of the
> code.
> I find closed-source code distasteful as well, but right now I think the
> value in making the Filters project the defacto way of scrubbing
> data takes
> higher priority than our qualms with some portion of the developer
> community. LGPL might solve both of our issues by requiring that object
> code for the LGPL'd code have source provided with it. Just a thought.
> > Remember Mark's wise words from the WebScarab "Development Charter":
> >
> [ wisdom snipped ]
> >
> > I think these principles are reasonable and hold for the whole OWASP
> > project.
> We're talking about an exception to those principles because I feel they
> don't serve the goals of our particular project adequately, hence the
> discussion. I'm not sure whether or not you were involved in the
> discussions leading up to the adoption of the GPL as our primary license,
> but we choose it because it most closely matched our goals (as a
> meta-project) with the rights it provides. In this case, it
> doesn't work so
> well, so we're exploring other potential options.
> > So you just can't cut the discussion saying: "A vote is not necessary."
> > Can you?
> I'm not cutting off the discussion (or, rather, I don't mean to be), just
> trying to point out that in the general case the issue has been
> decided and
> so our discussion will revolve around a much smaller set of
> issues (namely,
> our code). The whole OWASP community need not be involved in such a
> discussion (unless of course they want to be). Seperately from this, a
> decision will be made, and we'll live with it, consensus or not.
> A stalled
> project helps no one, so this will be resolved quickly and we'll get back
> to work.
> Apologies if I was curt or unclear.
> Regards.
> --
> Alex Russell
> alex at SecurePipe.com
> alex at netWindows.org
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
> _______________________________________________
> Owasp-filters mailing list
> Owasp-filters at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-filters

More information about the Owasp-filters mailing list