Hi,
I am the original author of ModSecurity (http://www.modsecurity.org
),
an open source web application firewall, which is licensed
under GPLv2.
ModSecurity was acquired by Breach Security in late 2006. I
joined
the company at the same time, continuing to manage the
project, which
remained open source.
ModSecurity used to be distributed in Debian but this is no
longer
the case, due to the incompatibility between the GPLv2 and
the Apache
Software License. I would like to explore a licensing
exception as
the fastest way of resolving this problem.
The problem is that an Apache installation typically
consists of many
modules, each with a potentially different licence. I am
only aware of
the incompatibility between the GPLv2 and the ASL, although
other
issues may exist. Although GPLv2 is our licence of choice,
we do not
have an intention to force this licence upon other users and
developers.
I think that it's possible to design a licensing exception
that would
essentially say the following:
- For non-ModSecurity-related modules, allow any open source
licence.
We would either call for any OSI-certified licence, or
explicitly
list every licence allowed.
- Changes to ModSecurity, or modules that work with
ModSecurity to
change or extend its functionality, would remain covered
under GPLv2.
Would an exception that works along these lines satisfy the
requirements
of the Debian project and allow inclusion of ModSecurity in
Debian?
Obviously, we would need to work on the exact wording but
this is an
effort I would be more than happy to undertake, and submit
the
exception for your consideration.
Your help would be most appreciated.
Please note that I do not have the authority to make this
licensing
change decision on my own. I will present my recommendation
to my peers
at Breach Security, after which a decision will be made.
Thanks,
Ivan Ristic
--
To UNSUBSCRIBE, email to debian-legal-REQUEST lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmasterlists.debian.org
|
