[Koha] Proposal To Switch Koha's License to GPLv3 and AGPLv3 or AGPLv3

david at lang.hm david at lang.hm
Tue May 11 05:25:25 NZST 2010


On Mon, 10 May 2010, Galen Charlton wrote:

> 2010/5/10 Chris Nighswonger <cnighswonger at foundations.edu>:
>> Or
>> (better yet) simply ensuring that all such modified code is immediately
>> contributed to the main code base would also seem to satisfy this
>> requirement.
>
> No, it wouldn't - not all contributions would (or should) get accepted
> into Koha's main line, and a series of patch messages in the
> koha-patches archives does not constitute a "standard" means of
> sharing software IMO.  If Koha becomes licensed under the APGL3, a
> hosting firm would be entirely entitled to simply set up an FTP server
> that supplies tarballs of their customized versions of Koha.  While
> publishing a public Git repository would be a better way of sharing
> such code, we can't mandate it or require that contributions be sent
> back to the project.

The requirement of the AGPL to provide the exact source code running that 
version will be seen as a problem to many security people.

There are many cases where orginizations will not upgrade immediatly on 
the release of a new version. Anything that requires that potential 
attackers can see exactly what you are running greatly magnifies the risk, 
especially for something that is going to be Internet accessable.

As a result, I would expect that moving to AGPL would hinder the 
acceptance/deployment of the project, not help it.

As for moving from GPLv2 to GPLv3, what is the reason for making the move? 
is there code that you want to merge (either way) with a GPLv3 project?

It's already been posted that you use code from a GPLv2 project, so you 
would have to get that project to move to GPLv3 (or 2+) to continue using 
their code.

Is the code that you will get from moving to GPLv3 worth the loss of the 
code that you currently get from GPLv2?

Do all the contributers agree with relicensing their code under GPLv3?


The FSF claims that the GPLv3 is in the same spirit as the GPLv2, but many 
programmers disagree (which is why many codebases remain GPLv2)


What is the specific behavior that you think is happening under the GPLv2 
that you think will be blocked by the GPLv3? I am not a contributer, just 
a lurker (not even running the program, yet..) but I have not seen 
any behavior being discussed that would be blocked by the GPLv3.

David Lang


More information about the Koha mailing list