Re: Libapache-mod-backhand: load balancing Apache requests.

To: debian-legal@lists.debian.org
Cc: brian@collab.net
Subject: Re: Libapache-mod-backhand: load balancing Apache requests.
From: Richard Braakman <dark@xs4all.nl>
Date: Thu, 5 Apr 2001 07:38:15 +0300
Message-id: <20010405073815.A2417@cs140102.pp.htv.fi>
In-reply-to: <Pine.BSF.4.31.0104041315160.31650-100000@localhost>; from brian@collab.net on Wed, Apr 04, 2001 at 01:26:13PM -0700
References: <20010404143213.A1624@cs140102.pp.htv.fi> <Pine.BSF.4.31.0104041315160.31650-100000@localhost>

On Wed, Apr 04, 2001 at 01:26:13PM -0700, Brian Behlendorf wrote:
> I am pretty sure that such a clause has always been a part of the Apache
> licenses.  The intent is pretty simple - we don't want people calling
> their commercial derivatives "Apache++", "ApachePro", etc.

I think there was an earlier version that looked like this:

====================================================================
Copyright (c) 1995 The Apache Group.  All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in
   the documentation and/or other materials provided with the
   distribution.

3. All advertising materials mentioning features or use of this
   software must display the following acknowledgment:
   "This product includes software developed by the Apache Group
    for use in the Apache HTTP server project (http://www.apache.org/)."

4. The names "Apache Server" and "Apache Group" must not be used to
   endorse or promote products derived from this software without
   prior written permission.

5. Redistributions of any form whatsoever must retain the following
   acknowledgment:
   "This product includes software developed by the Apache Group
   for use in the Apache HTTP server project (http://www.apache.org/)."

THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
====================================================================

Unfortunately I don't know which Apache version this license came from.

> So, one thing the Apache developers have considered doing is coming up
> with a list of prereq's that, if satisfied, a product could carry the name
> Apache.  This is tricky ground, though, because you know some corporate
> type is going to look for loopholes in that definition so that can legally
> meet the requirements and still call their tool "ApachePro".

This approach would be similar to TeX, I think, which has a detailed
compatibility test that all implementations must pass in order to
call themselves TeX.

Creating such a test would be a lot of work if you don't already
have one.

> a) The Debian maintainers for Apache should join the appropriate
> developers lists, and volunteer to create .deb packages for Apache that we
> can distribute from apache.org.  Those packages can then be distributed
> from debian.org as well, carrying the same name, since they're the same
> file.  I strongly recommend this approach.

Ah, this is an alternative I hadn't thought of.  It has some problems
from Debian's perspective, though, mainly related to the fact that most
Debian developers will not be part of it.  For example, what happens
if our Security Team has to quickly release a new Apache package?

Also, will the Debian maintainers that are involved be able to freely
create new apache debs when needed, or will they have to go through
some kind of approval process?

> b) The Debian maintainers for Apache could email apache@apache.org asking
> for permission, as the license suggests.  I don't recommend this
> direction, because then it would cause us to have to define what it is
> we're agreeing to, etc... it could get messy.  Though the consensus would
> probably be, Debian's a reputable group, so let them do it.  I see the
> concern about issue #8 in the DFSG - I think that's not relevant, because
> the original license stands and is non-Debian-specific.

The reason I bought up DFSG #8 is that if renaming the package is a
significant inconvenience (partly because of our name-oriented package
structure, partly because all places where Apache announces its own
name have to be hunted down), then I think that the package is _not_
free if making a modification means first dealing with this inconvenience.

If we shift this inconvenience on to our users while getting a special
exemption ourselves, then I think clause 8 comes into play.

By the way, I'm not sure how much would be involved in a renaming.
Would it be sufficient if the package name were changed, while it
continues to generate "Server: Apache/1.3.19 (Unix) Debian/GNU"
headers?

> The reason I recommend a) is because:
> 
> > The Debian package of apache is clearly a derived product -- it
> > has 600 kilobytes of diffs, including patches to core Apache files.
> 
> Wow!  What *are* those diffs? [...]

A quick scan shows some added modules (mod_auth_sys, mod_autoindex,
mod_throttle), a lot of Debian packaging (including an "apacheconfig"
tool, sample httpd.conf and a huge debian/changelog), and ten actual
patches.

The diffs (for the version I'm looking at) are available as
  http://ftp.debian.org/debian/pool/main/a/apache/apache_1.3.19-1.diff.gz

I can't answer your other questions, since I'm not the Debian apache
maintainer.

> [...]  Ideally, we work
> creating .deb files into our release process, so that a .deb is created
> as a side-effect of doing a release (or soon after).

We often have to make more than one Debian package per release, though,
in order to track changes in Debian policy and to fix packaging errors.
(Ten Debian revisions per upstream release is not unusual.)

> Comments?

My main one is that I think that protecting the name of your project
is much better done through trademarks than through copyright.
Trademarks were designed for this, and copyright won't protect you
if someone writes a new HTTP server (there are certainly plenty of
them around) and decides to call it Apache*Pro or something.

The trademark approach works for several open projects I know of,
including Debian itself, Linux, and the Kannel project (which I do
for a living).

Richard Braakman

(Should I continue to Cc you?  I'm not sure if you're on debian-legal)

Reply to:

Follow-Ups:
- Re: Libapache-mod-backhand: load balancing Apache requests.
  - From: Brian Behlendorf <brian@collab.net>

References:
- Re: Libapache-mod-backhand: load balancing Apache requests.
  - From: Richard Braakman <dark@xs4all.nl>
- Re: Libapache-mod-backhand: load balancing Apache requests.
  - From: Brian Behlendorf <brian@collab.net>

Prev by Date: Re: DFSG and fonts [was: Bug#91856: Hello]
Next by Date: sox license (Re: Bug#92969: Non-free license in ADPCM support.)
Previous by thread: Re: Libapache-mod-backhand: load balancing Apache requests.
Next by thread: Re: Libapache-mod-backhand: load balancing Apache requests.
Index(es):
- Date
- Thread