[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Licensing exception to increase product compatibility


I am the original author of ModSecurity (http://www.modsecurity.org),
an open source web application firewall, which is licensed under GPLv2.
ModSecurity was acquired by Breach Security in late 2006. I joined
the company at the same time, continuing to manage the project, which
remained open source.

ModSecurity used to be distributed in Debian but this is no longer
the case, due to the incompatibility between the GPLv2 and the Apache
Software License. I would like to explore a licensing exception as
the fastest way of resolving this problem.

The problem is that an Apache installation typically consists of many
modules, each with a potentially different licence. I am only aware of the incompatibility between the GPLv2 and the ASL, although other
issues may exist. Although GPLv2 is our licence of choice, we do not
have an intention to force this licence upon other users and developers.
I think that it's possible to design a licensing exception that would
essentially say the following:

- For non-ModSecurity-related modules, allow any open source licence.
  We would either call for any OSI-certified licence, or explicitly
  list every licence allowed.

- Changes to ModSecurity, or modules that work with ModSecurity to
  change or extend its functionality, would remain covered under GPLv2.

Would an exception that works along these lines satisfy the requirements
of the Debian project and allow inclusion of ModSecurity in Debian?
Obviously, we would need to work on the exact wording but this is an
effort I would be more than happy to undertake, and submit the
exception for your consideration.

Your help would be most appreciated.

Please note that I do not have the authority to make this licensing
change decision on my own. I will present my recommendation to my peers
at Breach Security, after which a decision will be made.

Ivan Ristic

Reply to: