[Koha] Proposal To Switch Koha's License to GPLv3 and AGPLv3 or AGPLv3
Chris Nighswonger
cnighswonger at foundations.edu
Tue May 11 05:49:52 NZST 2010
On Mon, May 10, 2010 at 1:25 PM, <david at lang.hm> wrote:
>
> The requirement of the AGPL to provide the exact source code running that
> version will be seen as a problem to many security people.
>
> There are many cases where orginizations will not upgrade immediatly on the
> release of a new version. Anything that requires that potential attackers
> can see exactly what you are running greatly magnifies the risk, especially
> for something that is going to be Internet accessable.
>
> As a result, I would expect that moving to AGPL would hinder the
> acceptance/deployment of the project, not help it.
>
>
Then we already have a huge security problem given that all forms of Koha
are currently available in a public repository and in all likelihood the
vast majority of users are running it with no security significant changes
made. (AAMOF, many run it with default the username/password still in
place!)
> As for moving from GPLv2 to GPLv3, what is the reason for making the move?
> is there code that you want to merge (either way) with a GPLv3 project?
>
Please read my original proposal for the reasoning behind the move.
>
> It's already been posted that you use code from a GPLv2 project, so you
> would have to get that project to move to GPLv3 (or 2+) to continue using
> their code.
>
Koha is currently licensed under GPLv2 or later with the exception of
OpenNCIP. This is not a blocker, but rather a "bug" to be "fixed." There are
no show-stoppers to the move to GPLv3/AGPLv3.
>
> Is the code that you will get from moving to GPLv3 worth the loss of the
> code that you currently get from GPLv2?
>
We will loose know code afaik in such a move. Please cite examples.
>
> Do all the contributers agree with relicensing their code under GPLv3?
>
Every contributor who licensed their code under the "GPLv2 or later" clause
agreed from the outset. So there is no need to secure any permission to
change licenses.
>
>
> The FSF claims that the GPLv3 is in the same spirit as the GPLv2, but many
> programmers disagree (which is why many codebases remain GPLv2)
>
>
> What is the specific behavior that you think is happening under the GPLv2
> that you think will be blocked by the GPLv3? I am not a contributer, just a
> lurker (not even running the program, yet..) but I have not seen any
> behavior being discussed that would be blocked by the GPLv3.
>
Again, please re-read my original proposal for the why and wherefore.
Kind Regards,
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20100510/302d0d1c/attachment-0001.htm
More information about the Koha
mailing list