[OWASP-LEADERS] Copyright fun again

Ingo Struck ingo at ingostruck.de
Fri Feb 28 06:26:05 EST 2003

Hi folks...

I will tie in with some of Gabriel's statements inline...

> It seems to me that there needs to be a way
> to balance the economic realities with the desire to be an open source
> developer.
Right. This is a fundamental question that we need to solve regarding
work at OWASP - I guess most of the active OWASP contributors are somehow
affected by this issue.

> Sometimes this involves blurring the lines between free and
> commercial...
I would strictly negate this proposition.
IMHO the issue we are coping with here can be solved only if we
clearly define the lines between free/commercial for any contribution
to OWASP and adhere to that. We need to have a settlement and we
should write that down - just in case somebody forgets about it occasionally.

> One thing that I think is clear is that just because a
> project is released openly under one license, that doesn't mean that
> that is the only license that the assigned copyright owner can choose to
> release something under.
I guess that this is hardly possible since the terms of GPL / LGPL are a
direct antagonism to "closed source commercial" licenses.
If you apply the one you violate the other and vice versa.

Having said this, I guess it is time for my position:

- like most other people involved in OWASP I make a living from *developing*
  software, so I am not against turning the results of my work into gold
- what I strictly defeat is to usurp and abuse copyright laws of any kind
- from its nature software is a good of knowledge and as such not subject
  to be sold - it is part of humans' common property
- there are many other ways of making money from software except from
  selling licences; open source projects do not aim to sell products, they
  aim to improve the freely available knowledge how to control computers
- if any money is to be earned from open source projects it should be made
  from selling *services* not *products*; e.g. you can charge additional
  warranties, maintenance, installation, programming of specialized interfaces
  (adaption to a specific environment), advertising (in our case called
  sponsorship), training, supervision of installations etc. pp.
- in fact if anyone is willing and able to pay for the *time* spent on some
  OWASP subproject that is the best that could happen. It must be made
  absolutely clear, however, that the result of that work is subject to the
  decisions and conditions made by OWASP, which includes distribution
  under GPL / LGPL.

The base line of this is: OWASP does *not* sell licences nor treat software
as a product. If a subproject is not under GPL / LGPL it simply can't be a
subproject. Contributors who do not assign copyright to the FSF and develop 
only under the custody of OWASP (like I believe is declared in some official 
OWASP paper) have to contribute somewhere else.
In turn they must not claim to be part of OWASP.

This is only my personal point of view; but I would raise my motivation to 
contribute to OWASP even more if we all could come to an agreement
that points to that direction.

Kind regards


-- 
ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24
