Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
License conflict #82
From Katebe...@gmail.com on August 02, 2013 14:28:04
The description of the license on the main page is inconsistent with the license itself.
The page states that naxsi is "OpenSource and free to use for your company or personal own use (ie: as long as you don't resell a service or product based on Naxsi to customers)."
The freedom to sell is an important part of Free (as in freedom) Software. In fact, the Free Software Foundation (the authors of the GPL) specifically encourages people to charge "as much as they wish or can", and the GPL itself states that "You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee."
The Freedom involved in Free Software has nothing to do with price, rather, it's about what you can do with it (liberty). There is "freeware" that is distributed under very restrictive terms, and there is commercial software (like RedHat Enterprise) that costs money, but provides you a great deal of freedom by providing the source code and using a license that doesn't attempt to take freedoms away. If you like, you are free to get the software from another source (such as CentOS), but RedHat is under no obligation to provide their labor for free.
Instead of preventing you from selling software, free software protects the right of your customers to modify and redistribute as /they/ see fit, for free, or for a fee. They are free to buy it as a group, then give it away without charge, should they so choose.
A good read on the subject: http://www.gnu.org/philosophy/selling.html As for reselling a service based on naxsi, the GPL is a copyleft license (one that uses copyright to ensure freedoms, rather than take them away). It is based upon the concept that copyright prohibits distribution of other people's work without a license. Because of that, the license can say "when you distribute this software, you need to provide the source code upon request, and do so under the GPL" (for example). With a service, the software is never distributed, so the license does not kick in. In fact, the GPL specifically states:
"Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program)."
In the United States, the Copyright Act contains a section specifically limiting the rights that copyright holders have. It's found in section 117, "Limitations on exclusive rights: Computer programs". Other countries have similar limitations. This section of the law specifically exempts copies made "as an essential step in the utilization of the computer program". This means that once one has legally acquired a piece of software, one does not need permission to install or run it (despite what some EULAs might try to make you think or agree to). Because of this, a service based on legitimately acquired software isn't subject to license restrictions (though it may be possible to use a contract to impose restrictions as part of a sale).
Original issue: http://code.google.com/p/naxsi/issues/detail?id=83
I'd just like to bump this issue as its part of why I'm considering using Mod_Security instead of Naxsi (Unclear license).
The Readme & the GPL license are in direct conflict.
This issue has been ignored for a year and should be clarified. If clarification is unreasonable, this situation would allow a pure GPL community fork to exist in any event. So if you don't want to clarify, I'm just going to fork & remove that bit from the README so I can just deal with everything under the GPL.
If you have an objection to this, let me know.
Hi, I was wondering about this contradiction as well, I've learned about the project from OWASP, and AFAIK, OWASP sponsored projects should have an FLOSS license.
It should be safe to assume it is GPL 2, as it is stated in the OWASP project page, but I think this should be resolved, because it harms the project as a whole.
Looking foward to hearing from the developers