[OWASP-LEADERS] Copyright fun again

Mark Curphey mark at curphey.com
Fri Feb 28 13:08:10 EST 2003

I think Jeff's point about it being an Apache license (and it was)
actually negates many of the issues and concerns. As he points out all
Dave needs to do is to include a copyright notice to OWASP. Its also
worth pointing out that apart from the plugins, Dave was the only author

So unless I am missing something (in between the hundreds of ooo
replies, now fixed) I think I can just tell him hes free to proceed as
long as he abides by the Apache license, tell the gang complaining its
Apache and all move on ? 

I think though it raises an interesting moral question for us as a
project. Given that a project that we started and is popular (it is
always the number 1 search item at owasp.org) is no longer available as
open source, should we resurrect it as a project to ensure it stays open
and available ? If the answer is yes, do we have an VB coders prepared
to step up to the plate and take it on ? 

On Fri, 2003-02-28 at 09:17, Gabriel Lawrence wrote:
> Ingo,
> Just a few follow ups...
> I'd like to live in the world where you can make money off of just
> services related to opens ource software. I'm still waiting for a good
> first example... But let's not run down that debate, it’s a tired one
> that people are always arguing. I tend to prefer licenses such as
> Apache and LGPL licenses so that a value chain can grow around
> valuable source, and so that companies can free feel to open source
> components of their software contributing to the open source world,
> and keeping food on their tables. But, the reality is that most
> companies don't push their employees to contribute to open source
> projects and don't like to open source their own IP. So, neither one
> of us is completely in the real world :-)
> That said, what I'm saying is that just because software is released
> under GPL, that doesn't mean that it is the only license that it can
> be released under. The copyright owner can make that decision.
> If Dave wants to take this under a different license then the one that
> was used when it was distributed, this is where the blur comes in. We
> have the option as the copyright owners to grant him a completely
> separate license. In order to do this, we would need to set an
> appropriate precedent by requiring valuable compensation to the owasp
> project - one that represents the contribution made by owasp members.
> That’s what I'm saying. I think its reasonable and fair. I also think
> that it can benefit OWASP by giving the project greater resources.
> -gabe
> -----Original Message-----
> From: owasp-leaders-admin at lists.sourceforge.net
> [mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Ingo
> Struck
> Sent: Friday, February 28, 2003 3:26 AM
> To: owasp-leaders at lists.sourceforge.net
> Subject: Re: [OWASP-LEADERS] Copyright fun again
> Hash: SHA1
> Hi folks...
> I will tie in with some of Gabriel's statements inline...
> > It seems to me that there needs to be a way
> > to balance the economic realities with the desire to be an open
> source
> > developer.
> Right. This is a fundamental question that we need to solve regarding
> work at OWASP - I guess most of active OWASP contributors are somehow
> affected by this issue.
> > Sometimes this involves blurring the lines between free and
> > commercial...
> I would strictly negate this proposition.
> IMHO the issue we are coping with here can be solved only if we
> clearly define the lines between free/commercial for any contribution
> to OWASP and adhere to that. We need to have a settlement and we
> should write that down - just in case somebody forgets about it
> occasionally.
> > One thing that I think is clear is that just because a
> > project is released openly under one license, that doesn't mean that
> > that is the only license that the assigned copyright owner can
> choose to
> > release something under.
> I guess that this is hardly possible since the terms of GPL / LGPL are
> a
> direct antagonism to "closed source commercial" licenses.
> If you apply the one you violate the other and vice versa.
> Having this said I guess it is time for my position:
> - - like most other people involved in OWASP I make a living from
> *developing*
>   software, so I am not against turning the results of my work into
> gold
> - - what I strictly defeat is to usurp and abuse copyright laws of any
> kind
> - - from it's nature software is a good of knowledge and as such not
> subject
>   to be sold - it is part of humans common property
> - - there are many other ways of making money from software except
> from
>   selling licences; open source projects do not aim to sell products,
> they
>   aim to improve the freely available knowledge how to control
> computers
> - - if any money is to be earned from open source projects it should
> be made
>   from selling *services* not *products*; e.g. you can charge
> additional
>   warranties, maintenance, installation, programming of specialized
> interfaces
>   (adaption to a specific environment), advertising (in our case
> called
>   sponsorship), training, supervision of installations etc. pp.
> - - in fact if anyone is willing and able to pay for the *time* spent
> on some
>   OWASP subproject that is the best what could happen. It must be made
>   absolutely clear, however, that the result of that work is subject
> to the
>   decisions and conditions made by OWASP, which includes distribution
>   under GPL / LGPL.
> The base line of this is: OWASP does *not* sell licences nor treat
> software
> as a product. If a subproject is not under GPL / LGPL it simply cant
> be a 
> subproject. Contributors who do not assign copyright to the FSF and
> develop 
> only under the custody of OWASP (like I believe is declared in some
> official 
> OWASP paper) have to contribute somewhere else.
> In turn they must not claim to be part of OWASP.
> This is only my personal point of view; but I would raise my
> motivation to 
> contribute to OWASP even more if we all could come to an agreement
> that points to that direction.
> Kind regards
> Ingo
> - -- 
> ingo at ingostruck.de
> Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
> C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24
> Version: GnuPG v1.2.0 (GNU/Linux)
> iD8DBQE+X0dRhQivkhmqPSQRAiA3AJ9K0JiV+HtsrpiT+ZeCO2TikPjeBwCgh8Gq
> 9k1ZWR+Kbc92qcRZwc6KJnI=
> =zSQp
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Owasp-leaders mailing list
> Owasp-leaders at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-leaders
Mark Curphey <mark at curphey.com>

More information about the OWASP-Leaders mailing list