[Pipet Devel] Licensing issues

Jean-Marc Valin jean-marc.valin at hermes.usherb.ca
Thu Sep 7 17:28:04 EDT 2000 

> The only place we've this Corba 'linking' problem is with 3th party UI's, isn't it?

There might be some other cases, but I think 3rd part UI's would be the most
important.

> 
> If we want people to be 100% free to build UI's we should go for LGPL.

This means the DL should be LGPL, but the BL's than run on each machine could be
GPL. ...it all depends on how you see the linking... with remote comunications,
this becomes very blured. For instance, you can't ask that the user of a GPL'd
ftp client only connects to GPL'd ftp servers... of that mozilla (which is GPL)
only goes to sites that run apache. The same way, I don't think we can forbid
non-free BL's that can be connected to the rest of the system (even if
everything else is GPL'ed).

> Piper UI -> Piper DL -> '3th party BL' -> PL
> 
> What if this 3th party BL registers to our central coordination database, or what
> if it screws
> to authentication meganism? It can be done very easily if one were to recode some
> core
> parts of the BL. Like has happend to icq. Clones line gnomeicu 'parasite' upon
> mirabilis.
> gnapser this to Napster. etc.
> 
> I whould therefore see we licence our communication formats (like the XML format,
> corba API) very strict!
> Something that would allow people to build UI's, link TO Piper (not link Piper INTO
> some other app), and
> 'hook' apps into the PL. I see much chaos wonce parts of piper are to be 'emulated'
> by some 3th party.

We cannot (and shouldn't) prevent 3rd party BL's. The only way to do that is
through proprietary (patented) protocols and we don't want to do that. As for
the authentication mecanism, it has to work for any (even hostile BL's). Napster
had problems because it's assumed all its clients were the official clients.
This kind of security is flawed, even more in OSS. If a 3rd party BL can screw
up the authentication, then nothing prevents a cracker to modify your BL source
to screw it up. This means that your BL is not secure. This is why we sould not
try to prevent 3rd-party BL's (that's the whole point of open-source: someone
can modify your work). However, if the BL links with the PL, then depending on
the PL license, a closed-source BL may or may not be legal... but then they
could provide their own PL and there'd be nothing we can do.

Before we start going into license (in)compatibilities, let's start by deciding
what kind of things we want to prevent. We know we don't want people to take our
code and make it proprietary. That leaves us with GPL and LGPL. Now is there any
kind of "linking" we want to prevent? If not, then we can almost LGPL
everything. If not, we need to see what needs to be GPL and what needs to be
LGPL.

	Jean-Marc

-- 
Jean-Marc Valin
Universite de Sherbrooke - Genie Electrique
valj01 at gel.usherb.ca

More information about the Pipet-Devel mailing list