Re: silc license change before v1.0 ?

[Anders N. B. <de...@de...>]

Hi. :-)

> Hello,
>
>> Q: What's wrong with the GPL?
>> A: This is a legitimate question, but the answer is obvious. When the toolkit is
>> licensed under the GPL, it may not be used to create anything but GPL licensed
>> software. This will seriously prevent adaption from other projects. A dedicated silc
>> client *must* currently be licensed under the GPL. Do we want it to be impossible to
>> create commercial or closed-source silc clients, or for that matter, a less
>> restrictive client licensed under for instance the MIT license? Because that is our
>> current situation.
>
> The standards are free, they could very easily write a client, that conform to the
> standard.
>

Sounds like you've been sniffing IRC. :) This is a fairly more complex standard, it's not
an application you can just whip up in 2 minutes using perl. Or, we can let them use the
toolkit for all purposes.

> If they use Pekka's and other's code, they can just contribute. Anyways, I feel
> having a proper independent (even commercial) implementation of the protocol _NOT_
> based on the Silc Toolkit.

We want to ensure quality though don't we? If people don't feel they've got the neccesary
skills in security and programming to produce a quality piece of software, it'll only
damage silc's reputation if they make an inferior, insecure program. And there's nothing
stopping them from contributing their modifications.

>>
>> Q: Ok, can't we just use LGPL?
>> A: Most people asking this question hasn't actually read GPL or LGPL, and assume the
>> LGPL is just GPL without the clause about dependency. This is wrong. It's got it's
>> own additional quirks. Some of them won't even hold up in court in most civilized
>> countries. :-)
>
> In our courts, neither MIT license or any other Free Software license won't hold up.
>

I think that's wrong. The copyright holder is allowed to grant/reserve permissions to do
anything with his product, which is what these "simpler" licenses do.

> Still, you make an assumption about ,,holding up''. For this to happen, there must be
> someone to actually try it there :). The question is -- why?
>

Just refering to what kind of people wrote the licenses. :)

>> Q: But many many thousands of programmers are using the GPL/LGPL, shouldn't we? A:
>> There are reasons to use GPL/LGPL on some projects. These projects are usually
>> standalone applications intended to be replacements for commercial products, such as
>> gimp and gcc. We are making a reference implementation of the silc protocol, this
>> project in its current state is not intended for commercial distribution. If pekka
>> later wants to make a commercial program from this, there's nothing stopping him,
>> but that will not be a reference implementation. This is.
>
> So the reference implementation should stay free, away from ,,embrace and extend''
> practices of some onnamed proprietary vendors. If they want to implement proprietary
> implementation of the protocol, they are free to do so (and I hope even welcome to do
> so), but they can't use the code. If you get something, you should return something.
>

Yes, you should. *Should*. Not *must*, just *should*. With GPL, it's *must*. :)

>> Q: So what license should we use?
>> A: Personally, I think the BSD license is a good choice. It's not nazi restrctive
>> and it's simple enough for people to be able to read it, and more importantly,
>> understand it.
>
> While I personally use *BSD systems, I don't think this is good for the project in
> it's present state.
>

But we see how BSD and BSDish licensed projects (Apache, FreeBSD, etc) tends to be of high
quality with a high number of contributions. The copylefting of wine (the *nix windows
emulator) actually reduced the number of contributors to the project. So I don't see why
it's bad.

>> Q: Why are you constantly reffering to "we" when it's pekka's project. A: Isn't the
>> spirit of GPL to be a community about the project? ;) Seriously though, I see silc
>> as a community effort, even though pekka does most of the actual coding.
>
> Well, I think it's on pekka to decide, but I personally (I have my feelings about it
> too, since I like the SILC project -- I talk about it just like you do -- I hope this
> is a good place for such discussions, if not, please privately tell me not to comment
> :) feel, that current licensing is nice. I will probably, in a later time, even use
> the
> project commercialy (I have some plans too), but I _STILL_ want it to stay GNU GPL
> (and of course I will contribute any changes I make).

And I will contribute any changes I make too, if I don't have to make my own
implementation in order to make a commercial client.

> Anyways, you are trying to solve some ,,problem''. So please state what are the
> symptoms. Is there a project you want to base on silc libraries? I don't see the
> point here, you are trying to solve something, that not many of us perceive as a
> problem.

Many world catastrophes could've been avoided if people realised the problems in time:)
Seriously though. I can see obvious problems with the project being GPL, as mentioned in
my previous post.

> So where is the actual problem? GNU GPL not tested in court? Why should it
> matter, Pekka is doing the coding in Finland and there's no precendent-based law
> there.

But that assumes a violation would've been committed in Finland wouldn't it?

> Not allowing proprietary modifications of the libraries? What's the problem?
> No ,,embrace and extend'' practices and if someone makes compliant
> implementation, it is good for the project. If not, it will simply not be ,,silc''.
>

It can be compliant and still have more holes than Titanic. For obvious reasons, it's sort
of hard to state "must not have security holes" in the specs.

- Anders Nor Berle