<div class="gmail_quote">On Mon, May 10, 2010 at 1:25 PM, <span dir="ltr"><<a href="mailto:david@lang.hm">david@lang.hm</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div class="h5"><br></div></div>
The requirement of the AGPL to provide the exact source code running that version will be seen as a problem to many security people.<br>
<br>
There are many cases where orginizations will not upgrade immediatly on the release of a new version. Anything that requires that potential attackers can see exactly what you are running greatly magnifies the risk, especially for something that is going to be Internet accessable.<br>
<br>
As a result, I would expect that moving to AGPL would hinder the acceptance/deployment of the project, not help it.<br>
<br></blockquote><div><br>Then we already have a huge security problem given that all forms of Koha are currently available in a public repository and in all likelihood the vast majority of users are running it with no security significant changes made. (AAMOF, many run it with default the username/password still in place!)<br>
<br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
As for moving from GPLv2 to GPLv3, what is the reason for making the move? is there code that you want to merge (either way) with a GPLv3 project?<br></blockquote><div><br>Please read my original proposal for the reasoning behind the move.<br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
It's already been posted that you use code from a GPLv2 project, so you would have to get that project to move to GPLv3 (or 2+) to continue using their code.<br></blockquote><div><br>Koha is currently licensed under GPLv2 or later with the exception of OpenNCIP. This is not a blocker, but rather a "bug" to be "fixed." There are no show-stoppers to the move to GPLv3/AGPLv3.<br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Is the code that you will get from moving to GPLv3 worth the loss of the code that you currently get from GPLv2?<br></blockquote><div><br>We will loose know code afaik in such a move. Please cite examples.<br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Do all the contributers agree with relicensing their code under GPLv3?<br></blockquote><div><br>Every contributor who licensed their code under the "GPLv2 or later" clause agreed from the outset. So there is no need to secure any permission to change licenses.<br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
<br>
The FSF claims that the GPLv3 is in the same spirit as the GPLv2, but many programmers disagree (which is why many codebases remain GPLv2)<br>
<br>
<br>
What is the specific behavior that you think is happening under the GPLv2 that you think will be blocked by the GPLv3? I am not a contributer, just a lurker (not even running the program, yet..) but I have not seen any behavior being discussed that would be blocked by the GPLv3.<br>
</blockquote></div><br><br>Again, please re-read my original proposal for the why and wherefore.<br><br>Kind Regards,<br>Chris<br>