[OWASP-LEADERS] Licensing for Filters / OCL

Gabriel Lawrence gabe at landq.org
Tue Jun 24 13:10:21 EDT 2003

Well... I think this makes for an interesting question. Can we iron out
what a commercial license might look like? 

Otherwise I generally like things like the LGPL much better and here's
why. It forces improvements to be given back - and it allows companies
to use the software improve it and continue to make money off their core

I see the point to using things like GPL in cases where extending or
using the library isn't the end goal. So, I like GPL for applications
and LGPL for libraries. 


-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Ingo
Sent: Monday, June 23, 2003 3:02 PM
To: Mark Curphey; Sverre H. Huseby
Cc: owasp-leaders at lists.sourceforge.net
Subject: [OWASP-LEADERS] Licensing for Filters / OCL

Hi folks...

> Any particular reason for using GPL rather than, say, LGPL?  I would
> imagine that most people would not GPL their custom made web
> application code. (Sverre)

> No good point. We actually never closed out licensing for the filters,
> remember it was a task that dropped.
> Any thoughts Ingo ? (Mark)

Well, in fact a good point at this point I guess...

First, read http://www.fsf.org/licenses/why-not-lgpl.html
why it is generally better to use the GPL for libraries too.

Let me add some arguments for and against the GPL.

Pro GPL:
- if we publish under the GPL, then using the library within a
  context will become a license violation. That would enable us to offer
  the same library under a different license to proprietary developers
  charge fees (or at least "bounties") for it. This could eventually
help to
  raise our fund. (Many other do so, e.g. Berkeley db, to name a
- publishing under the GPL enforces that improvements are fed back to
  the library and thus speeds up development and eventually helps to
  create code of higher quality

Contra GPL (pro LGPL):
- "proprietary" developers won't use the library published under the
  note that this argument would be invalidated by an alternative
- even some public institutions (e.g. UNESCO) do not accept Software
  published under GPL; they prefer to use the LGPL such that nobody is
  closed out from the benefits of the software developed under their

These arguments should be balanced carefully.
Since currently we have some urgent problems to keep up development
the way we'd like to mainly due to time problems, (which are really only
problems), and since in contrary to public institutions we have no
facilities from public money, I would tend to use the "double tracked"

I know that the filters team (at least Alex Russel, who unfortunately
left us)
tended to use the LGPL to "enlargen the audience", but regarding that 
argument cf. to Stallmans note that I mentioned above...

As long as we have no better solution I would simply leave the copyright
headers in the OCL (that means GPL) since I don't want to run 
"change-header-scripts" too often.

Maybe we should work out (or crib) some alternative license for
users. I do not expect their number to be very large in the beginning
Comments are (as always) highly welcome.

Kind regards


ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24

This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
Owasp-leaders mailing list
Owasp-leaders at lists.sourceforge.net

More information about the OWASP-Leaders mailing list