Re: rsaeuro license change?
On Thu, Aug 08, 2002 at 11:30:16AM +0100, RSAEuro General wrote:
>
>
> --On 08 August 2002 00:18 -0400 Brian Ristuccia <brianr@debian.org> wrote:
> > [...]
>
> Hi, thanks for your mail. We would be interested in working something out
> to allow the Internet release of RSAEuro to be included with Debian.
>
> [...]
>
> I think we could review and amend the license to keep with our requirements
> to maintain our rights and make the license in keeping with the Debian
> movement. Reaper Technologies now handles development and management of
> RSAEuro licensing.
>
I agree. There are certainly a number of ways you could permit the use of
RSAEuro in Free Software while still preserving your ability to make money
when proprietary software makers sell software containing it.
> > [ discussion about mandatory sending of changes upstream omitted ]
>
> This looks relatively straight forward to work around. Bare in mind this
> release of RSAEuro part of a more current Commercial product. We would
> like to have RSAEuro distributed with a product such as Debian however we
> would like to maintain some control over 'major' changes that could reflect
> on the commercial product especially compatibility.
>
So requiring a license grant to all recipients (including you) under the
same license terms everone else gets is probably OK. What's not OK in our
case is the compulsory "send us a copy" term. Note that most folks tend to
send their changes to the upstream maintainer whether it's required or not.
Even if they don't, you're likely to find their modified source on a web
site somewhere and still have a good grant of license on it.
As far as preserving RSAEuro's "image" for potential customers in the face
of potentially degrading modifications, one strategy might be to require
changed versions to carry prominent notice of what was changed and modified
versions which break the API to be called something other than RSAEuro.
> > [ discussion about commercial exclusions omitted ]
>
> This element is a tricky one however, as we've mentioned RSAEuro is also a
> commercial product, the 1.04 release is often used by licensees as a
> initial stepping stone into the commercial product, therefore preventing
> them using RSAEuro in commercial applications maintains our business. Any
> assistance on this point would be helpful.
>
So the real problem with this clause is not that it prohibits using RSAEuro
in non-free, proprietary, binary-only, for-profit type software, but the way
in which it attempts to do so. As far as our Free Software guidelines go,
license terms which differentiate between Free and non-free software based
on distribution terms are generally acceptable while those which exclude
certain fields of endeavor using encompassing terms such as "for sale," "for
profit," or "commercial" are generally not. Indeed, there are some people
who sell Debian on CDROM, and I suspect a small number of them may actually
make a profit via their activities.
You could consider dual licensing the source code under both the GNU GPL or
LGPL and an alternative license. Those who plan to use it in Free Software
probably won't be inconvenienced by the GNU licenses, but those who want to
make proprietary binary-only software would have to contact you to make
arrangements in order to obtain the software under an alternate license. Of
course, in the latter case, Reaper Technologies would probably make
arrangements to collect some money as well.
> Also are there any other points that would require looking at?
>
There's a lot of older crypto type software published under the GNU GPL
which uses RSAref which we can not distribute because of incomatibilities
with the RSAREF license. So it would be of greatest assistance to us if a
version of RSAEuro was licensed under terms compatible with the GNU GPL. The
GNU GPL, LGPL, or MIT X11 style license would all be acceptable in this
respect.
Thanks.
--
Brian Ristuccia
brianr@debian.org
brian@ristuccia.com
bristucc@cs.uml.edu
Reply to: