On Thu, Aug 08, 2002 at 11:30:16AM +0100, RSAEuro General wrote: > > > --On 08 August 2002 00:18 -0400 Brian Ristuccia <[EMAIL PROTECTED]> wrote: > > [...] > > Hi, thanks for your mail. We would be interested in working something out > to allow the Internet release of RSAEuro to be included with Debian. > > [...] > > I think we could review and amend the license to keep with our requirements > to maintain our rights and make the license in keeping with the Debian > movement. Reaper Technologies now handles development and management of > RSAEuro licensing. >
I agree. There are certainly a number of ways you could permit the use of RSAEuro in Free Software while still preserving your ability to make money when proprietary software makers sell software containing it. > > [ discussion about mandatory sending of changes upstream omitted ] > > This looks relatively straight forward to work around. Bare in mind this > release of RSAEuro part of a more current Commercial product. We would > like to have RSAEuro distributed with a product such as Debian however we > would like to maintain some control over 'major' changes that could reflect > on the commercial product especially compatibility. > So requiring a license grant to all recipients (including you) under the same license terms everone else gets is probably OK. What's not OK in our case is the compulsory "send us a copy" term. Note that most folks tend to send their changes to the upstream maintainer whether it's required or not. Even if they don't, you're likely to find their modified source on a web site somewhere and still have a good grant of license on it. As far as preserving RSAEuro's "image" for potential customers in the face of potentially degrading modifications, one strategy might be to require changed versions to carry prominent notice of what was changed and modified versions which break the API to be called something other than RSAEuro. > > [ discussion about commercial exclusions omitted ] > > This element is a tricky one however, as we've mentioned RSAEuro is also a > commercial product, the 1.04 release is often used by licensees as a > initial stepping stone into the commercial product, therefore preventing > them using RSAEuro in commercial applications maintains our business. Any > assistance on this point would be helpful. > So the real problem with this clause is not that it prohibits using RSAEuro in non-free, proprietary, binary-only, for-profit type software, but the way in which it attempts to do so. As far as our Free Software guidelines go, license terms which differentiate between Free and non-free software based on distribution terms are generally acceptable while those which exclude certain fields of endeavor using encompassing terms such as "for sale," "for profit," or "commercial" are generally not. Indeed, there are some people who sell Debian on CDROM, and I suspect a small number of them may actually make a profit via their activities. You could consider dual licensing the source code under both the GNU GPL or LGPL and an alternative license. Those who plan to use it in Free Software probably won't be inconvenienced by the GNU licenses, but those who want to make proprietary binary-only software would have to contact you to make arrangements in order to obtain the software under an alternate license. Of course, in the latter case, Reaper Technologies would probably make arrangements to collect some money as well. > Also are there any other points that would require looking at? > There's a lot of older crypto type software published under the GNU GPL which uses RSAref which we can not distribute because of incomatibilities with the RSAREF license. So it would be of greatest assistance to us if a version of RSAEuro was licensed under terms compatible with the GNU GPL. The GNU GPL, LGPL, or MIT X11 style license would all be acceptable in this respect. Thanks. -- Brian Ristuccia [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
