[OWASP-LEADERS] RE: License question

dinis at ddplus.net dinis at ddplus.net
Fri Nov 28 13:03:48 EST 2003

Hello fellow Owasp leaders

I am new to this list so this is my first post. I'm
collaborating with Owasp in its .Net development

I would like to add the following comments about this

1) I think that oPortal should be released under the
and not the GPL
The "Lesser" version the the GPL allows the use of the
oPortal code together with other 'proprietary libraries'

2) My rationaly is: "what oPortal needs now is users
and eyeballs, so the easier it is to use its code the
more it will be used".

3) In my view the Open Source's copyrights are only
usefull for one thing: to avoid somebody packaging it
as a proprietary application and copyright its source
code to it. Apart from that, all other Open Source
benefits (Eyeballs looking at bugs, feedback from users
and code contribution) will only happen if the Open
Source application is actually used, AND, the project's
leaders are good, fair and reliable.

4) I'm abit confused about his initial question:

   - "...could custom portlets that we create have to
be released under GPL..." - what does he mean by Custom
portlets in oPortal? I couldn't find any references in
www.owasp.org to portlets (see
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=portlets+site%3Awww.owasp.org). If he means by
'custom portlets', changes to the oportal source, code
then theoretically he should publish those changes and
sent them to the oPortal developers. But if by 'custom
portlets' he means custom XSL templates, or new DTDs
that convert his XML content into his design, then I
think that he shouldn't need to make that information

   - "Would a site that uses oPortal come under GPL" -
If by this he means the content of the site, then (in
my view) that content is copyrighted to him and he has
no need to distribute (the XML files) under GPL

5) I'm also a bit confused by Rogan Dawes' (ZA -
Johannesburg <rdawes at deloitte.co.za>) comment "...the
other thing is that the GPL only comes into play when
you actually distribute something.If you only use it in
house, and never distribute, there is no requirement to
release source at all...." (quote from his email).
Surelly by putting a package available for download in
SourceFourge makes thatdistributed to anybody that
requests it? The fact that the package (i.e. software,
i.e. code) is a web application (versus an interactive
desktop application) doesn't make a diference. In my
view any piece of code can be GPLed since it is the
owner of that code that decides how to manage its
copyright. As long as the code distribution respects
the GPL then it is a GPL code. Rogan, if you are
reading this, I would be very interrested in reading
the discussions about this issue (i.e. "...are web
applications distributed or not...") which you
mentioned in your email

Mark, since his question is quite relevant and surelly
other people have the same issues, maybe be best thing
would be to create a FAQ about the oPortal licence and
its possible usage.

just my two cents....

Best regards

Dinis Cruz
.Net Security Consultant
DDPlus (www.ddplus.net)

On Fri, 28 Nov 2003 18:11:49 +0200, "Dawes, Rogan (ZA -
Johannesburg)" wrote


other thing is that the GPL only comes into play when
you actually distribute 
If you 
only use it in house, and never distribute, there is no
requirement to release 
source at all. This has led to numerous discussions
especially in the context of 
web applications, which are NOT actually distributed.

  -----Original Message-----From: Mark Curphey 
  [mailto:mark at curphey.com] Sent: 28 November 2003
  PMTo: 'Aral Balkan'; 
  owasp-leaders at lists.sourceforge.netSubject:
  License question
  I am 
  not a licensing expert but I know we have some people
on the project who are 
  pretty well up on this sort of thing. Guys, any
comments ?
  From: Aral Balkan 
  [mailto:aral at bitsandpixels.co.uk] Sent: Friday,
November 28, 2003 
  5:54 AMTo: owasp at owasp.org
  I believe 
  I have a firm grasp of the GPL license as it pertains
to software itself, 
  however in this case, if we were to use oPortal,
could custom portlets that we 
  create have to be released under GPL? Would a site
that uses oPortal come 
  under GPL?
  --  ___(  Aral Balkan  
  Director.. Bits & Pixels     : 
  www.BitsAndPixels.co.uk        Dir. 
  Ed. Content... Ultrashock        : 
  Author............. Friends of ED     : 
  Macromedia DevNet :
www.macromedia.com/devnet  Director........... London 
  MMUG       : 
Important Notice: This email is subject to important
qualifications and disclaimers ("the Disclaimer") that
must be accessed and read 
by clicking here or by copying and pasting the
following address into your 
Internet browser's address bar:
http://www.Deloitte.co.za/Disc.htm. The Disclaimer is 
deemed to form part of the content of this email in
terms of Section 11 of the 
Electronic Communications and Transactions Act, 25 of
2002. If you cannot access 
the Disclaimer, please obtain a copy thereof from us by
sending an email to ClientServiceCentre at Deloitte.co.za.

Scanned by Emailfiltering.co.uk

More information about the OWASP-Leaders mailing list