Ivan Ristic <email@example.com> wrote:
I think that it's simply in everyone's best interests to make
ModSecurity as good as it can possibly be. I am actually going to be
actively looking for ways to make contributing easier than it was. The
monolithic structure of 1.x was making this somewhat difficult. The
plan is to make ModSecurity modular (significant changes were made in
2.x to support this) so that people can contribute the functionality
they are interested in without having to understand the entire
project. This model worked well for Linux and I am hoping it will work
for us too.
I think community involvement becomes difficult because of Apache and GPL incomptiblity issues. Let us say you are not with the new company, does community and you have
legal rights to continue development of mod-security. OpenBSD and NetBSD (which is for profit) co-existed because they were catering to different user communities, one needs support and othe doesn't. There will be less maintenance too, Apache foundation supports several important components community needs like mod-ssl, mod-proxy etc. Exisitng mod-security users do they really have legal license to use the product, because of this incompatiblity issue. By adopting single license these problems can be avoided.
There is nothing wrong with commercial products, there are large number of them who need support and tools. We wish you all the best.