[OWASP-LEADERS] Licensing for Filters / OCL

Ingo Struck ingo at ingostruck.de
Mon Jun 23 18:02:08 EDT 2003

Hi folks...

> Any particular reason for using GPL rather than, say, LGPL?  I would
> imagine that most people would not GPL their custom made web
> application code. (Sverre)

> No good point. We actually never closed out licensing for the filters, I
> remember it was a task that dropped.
> Any thoughts Ingo ? (Mark)

Well, in fact a good point at this point I guess...

First, read http://www.fsf.org/licenses/why-not-lgpl.html
why it is generally better to use the GPL for libraries too.

Let me add some arguments for and against the GPL.

Pro GPL:
- if we publish under the GPL, then using the library within a proprietary
  context will become a license violation. That would enable us to offer
  the same library under a different license to proprietary developers and
  charge fees (or at least "bounties") for it. This could eventually help to
  raise our fund. (Many others do so, e.g. Berkeley db, to name a renowned
- publishing under the GPL enforces that improvements are fed back to
  the library and thus speeds up development and eventually helps to
  create code of higher quality

Contra GPL (pro LGPL):
- "proprietary" developers won't use the library published under the GPL;
  note that this argument would be invalidated by an alternative "commercial"
- even some public institutions (e.g. UNESCO) do not accept Software
  published under GPL; they prefer to use the LGPL such that nobody is
  closed out from the benefits of the software developed under their aegis

These arguments should be balanced carefully.
Since currently we have some urgent problems to keep up development
the way we'd like to, mainly due to time problems (which are really only money
problems), and since, in contrast to public institutions, we have no funding
facilities from public money, I would tend to use the "double tracked" model.

I know that the filters team (at least Alex Russel, who unfortunately left us)
tended to use the LGPL to "enlargen the audience", but regarding that
argument cf. Stallman's note that I mentioned above...

As long as we have no better solution I would simply leave the copyright
headers in the OCL (that means GPL) since I don't want to run 
"change-header-scripts" too often.

Maybe we should work out (or crib) some alternative license for commercial
users. I do not expect their number to be very large in the beginning.
Comments are (as always) highly welcome.

Kind regards


ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24
