On Mon, May 10, 2010 at 1:25 PM, <david@lang.hm> wrote:
The requirement of the AGPL to provide the exact source code running that version will be seen as a problem to many security people.
There are many cases where organizations will not upgrade immediately on the release of a new version. Anything that requires that potential attackers can see exactly what you are running greatly magnifies the risk, especially for something that is going to be Internet accessible.
As a result, I would expect that moving to AGPL would hinder the acceptance/deployment of the project, not help it.
Then we already have a huge security problem given that all forms of Koha are currently available in a public repository and in all likelihood the vast majority of users are running it with no security significant changes made. (AAMOF, many run it with the default username/password still in place!)
As for moving from GPLv2 to GPLv3, what is the reason for making the move? Is there code that you want to merge (either way) with a GPLv3 project?
Please read my original proposal for the reasoning behind the move.
It's already been posted that you use code from a GPLv2 project, so you would have to get that project to move to GPLv3 (or 2+) to continue using their code.
Koha is currently licensed under GPLv2 or later with the exception of OpenNCIP. This is not a blocker, but rather a "bug" to be "fixed." There are no show-stoppers to the move to GPLv3/AGPLv3.
Is the code that you will get from moving to GPLv3 worth the loss of the code that you currently get from GPLv2?
We will lose no code afaik in such a move. Please cite examples.
Do all the contributors agree with relicensing their code under GPLv3?
Every contributor who licensed their code under the "GPLv2 or later" clause agreed from the outset. So there is no need to secure any permission to change licenses.
The FSF claims that the GPLv3 is in the same spirit as the GPLv2, but many programmers disagree (which is why many codebases remain GPLv2).
What is the specific behavior that you think is happening under the GPLv2 that you think will be blocked by the GPLv3? I am not a contributor, just a lurker (not even running the program, yet..) but I have not seen any behavior being discussed that would be blocked by the GPLv3.
Again, please re-read my original proposal for the why and wherefore.

Kind Regards,
Chris