[OWASP-LEADERS] Copyright fun again

Gabriel Lawrence gabe at landq.org
Fri Feb 28 12:17:57 EST 2003


Just a few follow ups...

I'd like to live in the world where you can make money off of just services
related to opens ource software. I'm still waiting for a good first
example... But let's not run down that debate, it's a tired one that people
are always arguing. I tend to prefer licenses such as Apache and LGPL
licenses so that a value chain can grow around valuable source, and so that
companies can free feel to open source components of their software
contributing to the open source world, and keeping food on their tables.
But, the reality is that most companies don't push their employees to
contribute to open source projects and don't like to open source their own
IP. So, neither one of us is completely in the real world :-)

That said, what I'm saying is that just because software is released under
GPL, that doesn't mean that it is the only license that it can be released
under. The copyright owner can make that decision.

If Dave wants to take this under a different license then the one that was
used when it was distributed, this is where the blur comes in. We have the
option as the copyright owners to grant him a completely separate license.
In order to do this, we would need to set an appropriate precedent by
requiring valuable compensation to the owasp project - one that represents
the contribution made by owasp members.

That's what I'm saying. I think its reasonable and fair. I also think that
it can benefit OWASP by giving the project greater resources.


-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Ingo Struck
Sent: Friday, February 28, 2003 3:26 AM
To: owasp-leaders at lists.sourceforge.net
Subject: Re: [OWASP-LEADERS] Copyright fun again

Hash: SHA1

Hi folks...

I will tie in with some of Gabriel's statements inline...

> It seems to me that there needs to be a way
> to balance the economic realities with the desire to be an open source
> developer.
Right. This is a fundamental question that we need to solve regarding
work at OWASP - I guess most of active OWASP contributors are somehow
affected by this issue.

> Sometimes this involves blurring the lines between free and
> commercial...
I would strictly negate this proposition.
IMHO the issue we are coping with here can be solved only if we
clearly define the lines between free/commercial for any contribution
to OWASP and adhere to that. We need to have a settlement and we
should write that down - just in case somebody forgets about it

> One thing that I think is clear is that just because a
> project is released openly under one license, that doesn't mean that
> that is the only license that the assigned copyright owner can choose to
> release something under.
I guess that this is hardly possible since the terms of GPL / LGPL are a
direct antagonism to "closed source commercial" licenses.
If you apply the one you violate the other and vice versa.

Having this said I guess it is time for my position:

- - like most other people involved in OWASP I make a living from
  software, so I am not against turning the results of my work into gold
- - what I strictly defeat is to usurp and abuse copyright laws of any kind
- - from it's nature software is a good of knowledge and as such not subject
  to be sold - it is part of humans common property
- - there are many other ways of making money from software except from
  selling licences; open source projects do not aim to sell products, they
  aim to improve the freely available knowledge how to control computers
- - if any money is to be earned from open source projects it should be made
  from selling *services* not *products*; e.g. you can charge additional
  warranties, maintenance, installation, programming of specialized
  (adaption to a specific environment), advertising (in our case called
  sponsorship), training, supervision of installations etc. pp.
- - in fact if anyone is willing and able to pay for the *time* spent on
  OWASP subproject that is the best what could happen. It must be made
  absolutely clear, however, that the result of that work is subject to the
  decisions and conditions made by OWASP, which includes distribution
  under GPL / LGPL.

The base line of this is: OWASP does *not* sell licences nor treat software
as a product. If a subproject is not under GPL / LGPL it simply cant be a 
subproject. Contributors who do not assign copyright to the FSF and develop 
only under the custody of OWASP (like I believe is declared in some official

OWASP paper) have to contribute somewhere else.
In turn they must not claim to be part of OWASP.

This is only my personal point of view; but I would raise my motivation to 
contribute to OWASP even more if we all could come to an agreement
that points to that direction.

Kind regards


- -- 
ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24

Version: GnuPG v1.2.0 (GNU/Linux)


This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Owasp-leaders mailing list
Owasp-leaders at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-leaders/attachments/20030228/2db99c11/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 5812 bytes
Desc: not available
Url : https://lists.owasp.org/mailman/private/owasp-leaders/attachments/20030228/2db99c11/attachment.bin 

More information about the OWASP-Leaders mailing list