[OWASP-LEADERS] Licensing for Filters / OCL
ingo at ingostruck.de
Mon Jun 23 18:02:08 EDT 2003
> Any particular reason for using GPL rather than, say, LGPL? I would
> imagine that most people would not GPL their custom made web
> application code. (Sverre)
> No good point. We actually never closed out licensing for the filters, I
> remember it was a task that dropped.
> Any thoughts Ingo ? (Mark)
Well, in fact a good point at this point I guess...
First, read http://www.fsf.org/licenses/why-not-lgpl.html
why it is generally better to use the GPL for libraries too.
Let me add some arguments for and against the GPL.
- if we publish under the GPL, then using the library within a proprietary
context will become a license violation. That would enable us to offer
the same library under a different license to proprietary developers and
charge fees (or at least "bounties") for it. This could eventually help to
raise our fund. (Many other do so, e.g. Berkeley db, to name a renowned
- publishing under the GPL enforces that improvements are fed back to
the library and thus speeds up development and eventually helps to
create code of higher quality
Contra GPL (pro LGPL):
- "proprietary" developers won't use the library published under the GPL;
note that this argument would be invalidated by an alternative "commercial"
- even some public institutions (e.g. UNESCO) do not accept Software
published under GPL; they prefer to use the LGPL such that nobody is
closed out from the benefits of the software developed under their aegis
These arguments should be balanced carefully.
Since currently we have some urgent problems to keep up development
the way we'd like to mainly due to time problems, (which are really only money
problems), and since in contrary to public institutions we have no funding
facilities from public money, I would tend to use the "double tracked" model.
I know that the filters team (at least Alex Russel, who unfortunately left us)
tended to use the LGPL to "enlargen the audience", but regarding that
argument cf. to Stallmans note that I mentioned above...
As long as we have no better solution I would simply leave the copyright
headers in the OCL (that means GPL) since I don't want to run
"change-header-scripts" too often.
Maybe we should work out (or crib) some alternative license for commercial
users. I do not expect their number to be very large in the beginning
Comments are (as always) highly welcome.
ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807 5BBF 8508 AF92 19AA 3D24
More information about the OWASP-Leaders