[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Web application licenses



Glenn Maynard wrote:
> On Fri, Aug 06, 2004 at 01:15:38PM -0700, Josh Triplett wrote:
> 
>>Note, of course, that you only need to release the source to the work(s)
>>derived from a work under this license, which may not be everything
>>running on the kiosk.  (Of course, you _should_, but you are not
>>_required_ to.)
> 
> ... unless the license is viral.  The general case of an entire system under
> this type of license should be considered; a license shouldn't be considered
> free if its restrictions become too onerous when applied to lots of pieces of
> software.

Very true.

>>Yes, you would have to provide source for the programs users may run on
>>your server, if those programs are covered by this license, or are based
>>on such software.  However, that can probably be handled for 99% of the
>>software on that server by saying "Get it from *.debian.org".
> 
> The case where every piece of software is in some way modified must be
> considered.  Onerous only if modified is still onerous--modification is
> fundamental.

True.  The question becomes: is it too onerous?

After all, people have said the GPL is onerous.  Consider the reference
card scenario.  Either you distribute source at the same time (which is
extremely onerous for a reference card) or you use the "offer valid for
three years" approach (which is not considered the Free option in the GPL).

>>They don't necessarily need to provide source download services, and if
>>they do, they needn't provide those services from the same server that
>>uses the modified Apache.  I would be satisfied with any mechanism that
>>provides the machine-readable source for no more than the cost of
>>distribution.
> 
> This means that, in order to make use of Apache (were it under this type of
> license), I would have to commit to responding to requests for source, as
> well as make the offer.
> 
> That means that I either have to put the source up somewhere--a 6+-meg
> archive, even if I'm just setting up a daemon to host one 10k text file[1]--or
> I have to set up some means of contacting me, sending me money to buy
> media and pay shipping, and I have to spend the time actually burning a
> CD and driving to a mailbox if somebody decides to request it from me.
> this is completely unacceptable to me--in practice, it would probably eat
> about an hour of my time.
> 
> "Point them to ftp.debian.org" no longer works if I had to modify a couple
> lines of code to get the thing to compile, so I don't think that avoids
> the fact that the above is overburdensome.  It's also risky; if ftp.debian.org
> goes down, I may be in violation of the license indefinitely, unless I happen
> to notice.  Also, ftp.debian.org doesn't keep source for all old packages
> around; if I don't upgrade my testing machine, my binary won't match the
> source on that server, and I'll be in violation.

snapshot.debian.net then.  And don't forget that you are allowed to
recoup your costs of performing source distribution.

The point is that "it is burdensome in some cases" does not
automatically equate to "it is non-free"; the GPL and other licenses can
be burdensome in some cases as well.

> In practice, none of this, when applied to binary distribution (GPL), has ever
> been a serious problem for me: binaries and source tend to be of a similar
> magnitude in size--making a 5-meg source available with a 5-meg binary is
> generally not a big jump.  Making a 6-meg source available with a 10k
> source file, however, is different by several orders of magnitude.  I
> would not use Apache if it was under this type of license; it fails my
> personal "pain in the ass" test.

I can think of many cases where the source is larger or more onerous to
distribute than the binary.  Consider the case where the binary is in an
embedded system. Also consider the case when the "binary" is a printed
book, or a reference card, or a printed handout.

> [1] even if it's only for my own use, with a password--other people still
> interact with it, when receiving the "access denied" page

True, but that isn't really the intention.  There must be some way to
define "interact" sanely.  I really don't want to include "access
denied"; consider the effects on firewalled or other limited-access
machines. :)

(Of course, a good firewall doesn't even respond with "access denied",
but that's not relevant here.)

- Josh Triplett

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: