naxsi icon indicating copy to clipboard operation
naxsi copied to clipboard

Published 20 hours ago verified publisher icon nbs-system

License conflict

Open blotus opened this issue 10 years ago • 9 comments

From [email protected] on August 02, 2013 14:28:04

The description of the license on the main page is inconsistent with the license itself.

The page states that naxsi is "OpenSource and free to use for your company or personal own use (ie: as long as you don't resell a service or product based on Naxsi to customers)."

The freedom to sell is an important part of Free (as in freedom) Software. In fact, the Free Software Foundation (the authors of the GPL) specifically encourages people to charge "as much as they wish or can", and the GPL itself states that "You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee."

The Freedom involved in Free Software has nothing to do with price, rather, it's about what you can do with it (liberty). There is "freeware" that is distributed under very restrictive terms, and there is commercial software (like RedHat Enterprise) that costs money, but provides you a great deal of freedom by providing the source code and using a license that doesn't attempt to take freedoms away. If you like, you are free to get the software from another source (such as CentOS), but RedHat is under no obligation to provide their labor for free.

Instead of preventing you from selling software, free software protects the right of your customers to modify and redistribute as /they/ see fit, for free, or for a fee. They are free to buy it as a group, then give it away without charge, should they so choose.

A good read on the subject: http://www.gnu.org/philosophy/selling.html As for reselling a service based on naxsi, the GPL is a copyleft license (one that uses copyright to ensure freedoms, rather than take them away). It is based upon the concept that copyright prohibits distribution of other people's work without a license. Because of that, the license can say "when you distribute this software, you need to provide the source code upon request, and do so under the GPL" (for example). With a service, the software is never distributed, so the license does not kick in. In fact, the GPL specifically states:

"Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program)."

In the United States, the Copyright Act contains a section specifically limiting the rights that copyright holders have. It's found in section 117, "Limitations on exclusive rights: Computer programs". Other countries have similar limitations. This section of the law specifically exempts copies made "as an essential step in the utilization of the computer program". This means that once one has legally acquired a piece of software, one does not need permission to install or run it (despite what some EULAs might try to make you think or agree to). Because of this, a service based on legitimately acquired software isn't subject to license restrictions (though it may be possible to use a contract to impose restrictions as part of a sale).

Original issue: http://code.google.com/p/naxsi/issues/detail?id=83

blotus avatar Aug 31 '13 16:08 blotus

I'd just like to bump this issue as its part of why I'm considering using Mod_Security instead of Naxsi (Unclear license).

The Readme & the GPL license are in direct conflict.

This issue has been ignored for a year and should be clarified. If clarification is unreasonable, this situation would allow a pure GPL community fork to exist in any event. So if you don't want to clarify, I'm just going to fork & remove that bit from the README so I can just deal with everything under the GPL.

If you have an objection to this, let me know.

Thanks.

kgodwin avatar Sep 04 '14 17:09 kgodwin

In addition, it's unclear how the rules are licensed, given that there's no repository-wide license posted in a file like LICENSE.txt or COPYING.txt.

davidstrauss avatar Oct 05 '14 04:10 davidstrauss

Just figured I'd give this a bump since its been 3+ months.

kgodwin avatar Jan 28 '15 20:01 kgodwin

I'm unable to use this software on my company's servers because of this license. Please consider adopting a standard OSI-approved license.

csnyder616 avatar Mar 31 '15 18:03 csnyder616

Hi, I was wondering about this contradiction as well, I've learned about the project from OWASP, and AFAIK, OWASP sponsored projects should have an FLOSS license.

It should be safe to assume it is GPL 2, as it is stated in the OWASP project page, but I think this should be resolved, because it harms the project as a whole.

Looking foward to hearing from the developers

Regards

singold avatar May 05 '15 17:05 singold

Reading the code, I've found that most files have a license header that say it is GPLv2, so I've created a pull request (#196) adding the license an reflecting that change in the README.

singold avatar May 07 '15 01:05 singold

+1

whiteadam avatar Aug 27 '15 11:08 whiteadam

Currently, github shows that the project is under GPLv3.

jvoisin avatar Sep 16 '16 14:09 jvoisin

Is there any movement here? There is still a conflict between the provided LICENSE file (GPL3) and various legal headers in source (GPL2).

p0pr0ck5 avatar Feb 25 '17 04:02 p0pr0ck5