New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

License conflict #82

blotus opened this Issue Aug 31, 2013 · 9 comments


None yet
9 participants

blotus commented Aug 31, 2013

From on August 02, 2013 14:28:04

The description of the license on the main page is inconsistent with the license itself.

The page states that naxsi is "OpenSource and free to use for your company or personal own use (ie: as long as you don't resell a service or product based on Naxsi to customers)."

The freedom to sell is an important part of Free (as in freedom) Software. In fact, the Free Software Foundation (the authors of the GPL) specifically encourages people to charge "as much as they wish or can", and the GPL itself states that "You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee."

The Freedom involved in Free Software has nothing to do with price, rather, it's about what you can do with it (liberty). There is "freeware" that is distributed under very restrictive terms, and there is commercial software (like RedHat Enterprise) that costs money, but provides you a great deal of freedom by providing the source code and using a license that doesn't attempt to take freedoms away. If you like, you are free to get the software from another source (such as CentOS), but RedHat is under no obligation to provide their labor for free.

Instead of preventing you from selling software, free software protects the right of your customers to modify and redistribute as /they/ see fit, for free, or for a fee. They are free to buy it as a group, then give it away without charge, should they so choose.

A good read on the subject: As for reselling a service based on naxsi, the GPL is a copyleft license (one that uses copyright to ensure freedoms, rather than take them away). It is based upon the concept that copyright prohibits distribution of other people's work without a license. Because of that, the license can say "when you distribute this software, you need to provide the source code upon request, and do so under the GPL" (for example). With a service, the software is never distributed, so the license does not kick in. In fact, the GPL specifically states:

"Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program)."

In the United States, the Copyright Act contains a section specifically limiting the rights that copyright holders have. It's found in section 117, "Limitations on exclusive rights: Computer programs". Other countries have similar limitations. This section of the law specifically exempts copies made "as an essential step in the utilization of the computer program". This means that once one has legally acquired a piece of software, one does not need permission to install or run it (despite what some EULAs might try to make you think or agree to). Because of this, a service based on legitimately acquired software isn't subject to license restrictions (though it may be possible to use a contract to impose restrictions as part of a sale).

Original issue:


This comment has been minimized.

kgodwin commented Sep 4, 2014

I'd just like to bump this issue as its part of why I'm considering using Mod_Security instead of Naxsi (Unclear license).

The Readme & the GPL license are in direct conflict.

This issue has been ignored for a year and should be clarified. If clarification is unreasonable, this situation would allow a pure GPL community fork to exist in any event. So if you don't want to clarify, I'm just going to fork & remove that bit from the README so I can just deal with everything under the GPL.

If you have an objection to this, let me know.



This comment has been minimized.

davidstrauss commented Oct 5, 2014

In addition, it's unclear how the rules are licensed, given that there's no repository-wide license posted in a file like LICENSE.txt or COPYING.txt.


This comment has been minimized.

kgodwin commented Jan 28, 2015

Just figured I'd give this a bump since its been 3+ months.


This comment has been minimized.

organsnyder commented Mar 31, 2015

I'm unable to use this software on my company's servers because of this license. Please consider adopting a standard OSI-approved license.


This comment has been minimized.

singold commented May 5, 2015

Hi, I was wondering about this contradiction as well, I've learned about the project from OWASP, and AFAIK, OWASP sponsored projects should have an FLOSS license.

It should be safe to assume it is GPL 2, as it is stated in the OWASP project page, but I think this should be resolved, because it harms the project as a whole.

Looking foward to hearing from the developers



This comment has been minimized.

singold commented May 7, 2015

Reading the code, I've found that most files have a license header that say it is GPLv2, so I've created a pull request (#196) adding the license an reflecting that change in the README.


This comment has been minimized.

whiteadam commented Aug 27, 2015


@jvoisin jvoisin added this to the 1.0 milestone Apr 11, 2016

@jvoisin jvoisin removed the imported label Apr 11, 2016


This comment has been minimized.


jvoisin commented Sep 16, 2016

Currently, github shows that the project is under GPLv3.

@jvoisin jvoisin removed the med prio label Oct 13, 2016


This comment has been minimized.


p0pr0ck5 commented Feb 25, 2017

Is there any movement here? There is still a conflict between the provided LICENSE file (GPL3) and various legal headers in source (GPL2).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment