[OWASP-LEADERS] RE: License question

Aral Balkan aral at bitsandpixels.co.uk
Fri Nov 28 11:46:44 EST 2003

Regarding my earlier fears (from the GNU GPL Faq):

"Is there some way that I can GPL the output people get from use of my
program? For example, if my program is used to develop hardware designs, can
I require that these designs must be free?

In general this is legally impossible; copyright law does not give you any
say in the use of the output people make from their data using your program.
If the user uses your program to enter or convert his own data, the
copyright on the output belongs to him, not you. More generally, when a
program translates its input into some other form, the copyright status of
the output inherits that of the input it was generated from."

Thus, the data would not come under the license. This is good. However, we

"In what cases is the output of a GPL program covered by the GPL too?
Only when the program copies part of itself into the output. "

This is not good. The output of a site that uses oPortal will contain parts
of oPortal in it and thus, reading this, one could say that the output (the
resulting HTML pages) should be GPL. Do HTML tags count? I believe this
could be a gray area. (Albeit one where I would imagine a judge would rule
that the resulting content is more data than parts of the program itself and
thus does *not* come under GPL).

Under these conditions, would a new portlet come under content or library?
In terms of how it is created (ie., not through the program), I would say,
"library". In terms of what it is with regards to oPortal, I would say

All the best,

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes at deloitte.co.za]
Sent: Friday, November 28, 2003 4:12 PM
To: owasp-leaders at lists.sourceforge.net; 'Aral Balkan'
Subject: RE: [OWASP-LEADERS] RE: License question

the other thing is that the GPL only comes into play when you actually
distribute something.

If you only use it in house, and never distribute, there is no requirement
to release source at all. This has led to numerous discussions especially in
the context of web applications, which are NOT actually distributed. (IMO)

More information about the OWASP-Leaders mailing list