Apache License更適合中國人,正式迎接Wayer Grant的挑戰(zhàn)
很久以前,我開始著手寫一些基于Security的插件,由于我使用Eclipse,Eclipse插件似乎本身對我很有幫助,我在從事插件開發(fā)的同時(shí),只是寫一些很簡單的基于BouncyCastle的工具類。有一天,我看到了Portecle, 它是KeytoolGUI的一個(gè)分支,我覺得它的功能跟KeyStore 2.4大同小異,版權(quán)信息表明,2004年以后Wayne Grant并沒有再參與此軟件的任何開發(fā)。
Copyright ? 2004 Wayne Grant
2004 Mark Majczyk
2004-2005 Ville Skytt?
我著手在Protecle和KeytoolGUI的基礎(chǔ)上編寫一個(gè)安全插件,名為SecureX。Protecle和KeytoolGUI是基于Swing,我編寫了一個(gè)跟他們幾乎很相像的SWT使用界面(當(dāng)然不少地方作了增強(qiáng)),我希望使用上述的copyright來發(fā)布該Eclipse插件,我這樣想的理由有兩個(gè):
第一,SecureX不只是集成KeytoolGUI這個(gè)證書管理模塊,而且還會集成簽名,加密等模塊,這樣,我們將來開發(fā)界面應(yīng)用的時(shí)候,我們開源隊(duì)伍可以同步開發(fā),只要我們按照Eclipse RCP規(guī)范,我們不存在任何的集成問題。
第二,SecureX不希望使用GPL,而想使用Apache License。但由于Wayne Grant多次警告,如果我relicense(使用了他的代碼于SecureX,并將SecureX重新定位于Apache License),他將對我采取法律行動。其實(shí),GPL跟Apache License的最大區(qū)別是,GPL要求修改代碼必須也遵守GPL,也就是說,如果我屈服于wayne, 將SecureX應(yīng)用了GPL,其他人將無法將SecureX應(yīng)用于商業(yè)用途,除非他們承諾他們的商業(yè)軟件遵循GPL,你說可能嗎:) 相比之下,Apache License更自由,它強(qiáng)調(diào)使用源代碼的人不需要公開自己的源代碼(修改后的源代碼),也就是說,如果SecureX使用Apache License,SecureX的用戶可以任意修改它,并且可以選擇以源代碼的方式或者二進(jìn)制代碼的方式發(fā)布他們自己的成果(他們唯一需要做的是——在他們的成果中聲明使用了SecureX的代碼).
我第一次向Wayne發(fā)郵件,邀請他他的回信如下:
Hello David,
Some guidance for you.
I have copyright over KeyTool GUI. You therefore cannot call your
application "KeyTool GUI" or anything similar. Lazgo Software has copyright
and trademark over "KeyStore Explorer" so you cannot call it that either.
KeyTool GUI is GPL software. If your application contains code from KeyTool
GUI then your application as a whole must obey the GPL license. This means
that you must release your own code as GPL and not under any other license
terms. The headers in the existing code must be left how you found them -
that is with the GPL license and my copyright intact.
I have no wish to be listed as author of your application. Simply state on
your web site and in the application that your application is based on a
fork of KeyTool GUI of which I am the copyright owner. For an example see
the Portecle web site (http://portecle.sourceforge.net/) - Portecle is
similar to your app in that it is a fork of KeyTool GUI.
Let me know if you have any questions.
- Wayne.
----------------------------------
Dear Waner Grant:
I've written a Keytool Eclipse Plugin which support most features of KeyStore
2.4.
As you know, KeyStore 2.4 is written in Swing, I rewirte your
application by SWT.
So that it has a native look and more, I integrate my XML signature module
in this
application.
For more info, see
http://dev2dev.bea.com.cn/bbs/thread.jspa?forumID=29304&threadID=31955&tstart=0
And i will publish this Eclipse Plugin in next two weeks. Becasue wanner
Grant
is the first author of this software, So I plan to use his name as first
author and mine
as the second author. Will this be reasonable?
Any Advice would be great appreciately.
Wayne的目的很簡單,他要求我不能使用Keytool GUI或者KeyStore Explorer類似的名稱, 并且他要求我
必須使用GPL的許可證,這一點(diǎn)我非常不滿,我于是回信給他,強(qiáng)調(diào)我要求relicense GPL。我知道我這樣
說有點(diǎn)對牛彈琴,因?yàn)樗麘?yīng)該不會授權(quán)我relicense。
The shell is all written by me. And I will add signature and
Watermark feature to this software, I only use some
Util Class of your KeyTool GUI such as KeyPairUtil, DigestUtil
and X509CertUtil etc and of Course,I will not change the code
and the header of them!
Feel ease if I don't plan to abidance by GPL :) I like Apache
License only.
The new release of SecureX Eclipse Plugin will all be free but
i will opensource in the next release becasue the code is too
bad:(
Beta SecureX plugin will be publish next week, so if you have more
advice, please let me know.
regards
david
Wayne的回復(fù)同樣讓我感到很大的壓力,除非我必須遵循GPL,否則我似乎無所作為:
David,
>I only use some
>Util Class of your KeyTool GUI such as KeyPairUtil, DigestUtil
>and X509CertUtil etc and of Course,I will not change the code
>and the header of them!
>
>Feel ease if I don't plan to abidance by GPL :) I like Apache
>License only.
If an application contains GPL code then the whole application must be GPL.
Your choices are:
1) to not use any of KeyTool GUI code in your application
2) or to license your application through the GPL.
To do anything else will break the terms of the GPL license that protect
KeyTool GUI - you will be breaking the law. You can check this for yourself
in the GPL license - http://www.gnu.org/licenses/gpl.html. Section 2 b is
the relevant part:
"You must cause any work that you distribute or publish, that in whole or in
part contains or is derived from the Program or any part thereof, to be
licensed as a whole at no charge to all third parties under the terms of
this License."
Basically you are deriving something from KeyTool GUI code that is GPL -
even if you are only using a couple of files they are covered by the GPL
license and anything they are used for must also be GPL as a whole.
If you go ahead and any KeyTool GUI code within your application and do not
license it as GPL then I will be forced to take action. The reason I chose
GPL as the license was to protect it from being re-licensed.
>The new release of SecureX Eclipse Plugin will all be free but
>i will opensource in the next release becasue the code is too
>bad:(
Again you cannot do this under the terms of the GPL - if you release a GPL
project then the source code must be available. I believe the same applies
with Apache.
Get in touch if you have any questions.
Cheers,
既然我必須遵循GPL,我只能學(xué)微軟的骯臟招數(shù)——模仿,并且聲明我會重寫他的所有類,
同時(shí),我明確,China跟USA的國情有所不同,我完全有能力選擇Apache License而繞過
源代碼創(chuàng)建者的授權(quán)(授權(quán)我Relicense)。
我的回信如下:
Wayne:
>If you go ahead and any KeyTool GUI code within your application and do not
>license it as GPL then I will be forced to take action.
I do think there must be some difference between countries, And when worked in
USA, GPL should be respected but what about in Other Countries that have no
law about GPL :)
>The new release of SecureX Eclipse Plugin will all be free but
>i will opensource in the next release becasue the code is too
>bad:(
What I mean is that i won't released source code that related your Keytool GUI
until I entirely rewrite your util class(KeyPairUtil, DigestUtil and X509CertUtil).
Btw, I don't think KeyStore 2.X or 3.X can continued well when my free released of
SecureX upgrade to 2.0(now it is 0.9, 1.0 next two week) in which I plan to integrated
more features.
Another question: Should GPL prevent you from released KeyStore 2.4 from KeyTool GUI?
Wayne, take it easy, just Debate promote Understanding and Collaboration......
Can you tell me which ACTION will you take to?
Wayne的回信讓我感到振奮,他提到我的plan work只限制用于于Eclipse,意義不大,并且他說Portcele
和JKeyManager都沒有超越過他的工作——KeyStore Explorer。他承認(rèn)我的工作將會損害他的商業(yè)利益,
但他將會迎接這種挑戰(zhàn)。最后,他他的觀點(diǎn)同樣尖銳——不能修改GPL,除非不要使用他的代碼。
David,
>I do think there must be some difference between countries, And when worked
>in
>USA, GPL should be respected but what about in Other Countries that have no
>law about GPL :)
I don't want to get into a debate about software licenses and law. Nobody
is going to sue you no matter what happens - it would serve no purpose. All
I am asking is that you obey the existing software licenses for my code. It
is GPL and therefore cannot be relicensed to anything else except by the
copyright holder - that is, me. Others have created forks of the KeyTool
GUI soure and respected this (for example see, Portecle). I appreciate that
you have gotten in contact with me about what you are doing. However, you
did ask for my advice and I have advised you not to break the existing
license. GPL is still open source so why not use it?
> >The new release of SecureX Eclipse Plugin will all be free but
> >i will opensource in the next release becasue the code is too
> >bad:(
>
>Btw, I don't think KeyStore 2.X or 3.X can continued well when my
>free released of
>SecureX upgrade to 2.0(now it is 0.9, 1.0 next two week) in which I plan to
>integrated
>more features.
David, others have tired (Portcele, JKeyManger) and none have succeeded in
surpassing my latter work. I wish you every success with your work but your
prediction of 90% coverage of features is an exaggeration even with your
planned work. In addition you are limiting your audience by writing a
plug-in for Eclipse. The bulk of my current users do not even know what
Java is far less Eclipse. You will get many users I am sure but as for it
hurting my work - more mature efforts have failed. I do honestly welcome
the challenge - it always inspires me to create new features :)
>Another question: Should GPL prevent you from released KeyStore 2.4 from
>KeyTool GUI?
As I own the copyright to KeyTool GUI I can decide what license to release
it under. It is my own work after all :)
>Wayne, take it easy, just Debate promote Understanding and
>Collaboration......
No problem - I will discuss this with you as long as you require. I wish
you no ill will - I am simply attempting to protect my open source work.
>Can you tell me which ACTION will you take to?
I hope to take no action. I am happy for you to build on as much of my open
source work as you like. I have had no problem with others building on the
old GUI and utility classes - but they did obey the license. As you say you
only require the use of a couple of crypto utility classes. All I require
is your agreement that you will license as GPL or not use my code.
I truely hope we can resolve this matter.
Talk to you soon.
Cheers,
- Wayne.
面對Wayne的軟硬兼施,我的言辭可能過于刻薄,并且我本人可能對收費(fèi)軟件過于介意,于是
開始回?fù)簦?/P>
Wanye,
I do really have two worries:
1. I hope sofeware is free, GPL's finally object is make more software free and
opensource is just a measure. After you make KeyStore Explorer a branch from
original KeyTool GUI, it is you that firstly not follow the GPL, right? Of course, because
you are the author, you are the owner, and you'll the authorize yourself to not
follow.
2. I checkout the protecle project( http://portecle.sourceforge.net/) which you recommend,
and i started to agree what you said:
->David, others have tired (Portcele, JKeyManger) and none have succeeded in
_>surpassing my latter work.
Protecle is just KeyTool GUI 1.7 and add only jar sign, little features are added. And
most important, it doesn't provide a native look. What's that mean? It means that when my OS is
using GBK, Protecle and KeyTool GUI 1.7 can not display correctly.
3. You say that:
-> In addition you are limiting your audience by writing a plug-in for Eclipse.
I forgot to tell you, that you make are wrong, I am writing SecureX follow the RCP standard
so that it can work as Eclipse Plugin or work stand alone. That means I can let my audience to use
SecureX even they don't have Eclipse installed.
Please Check : http://wiki.eclipse.org/index.php/Rich_Client_Platform
4. You suggested that
-> I hope to take no action. I am happy for you to build on as much of my open
-> source work as you like. I have had no problem with others building on the
-> old GUI and utility classes - but they did obey the license. As you say you
-> only require the use of a couple of crypto utility classes. All I require
-> is your agreement that you will license as GPL or not use my code.
I must let anyone knows that my purpose is to make software free, and open
is only a sort of means. I always hope that software should not PAY BEFORE USE.
I am worried that follow GPL will let most of my future work serve your KeyStore
Explorer(which is not open or free).
And when i and my teammates added more features on SecureX, it means that
this RCP framework standarded has enought features, I will open the framework (2.0 version)
so that others can plugin their secure feature into SecureX framework(thty only needed
to follow the RCP Plugin standarded) and they can choose open their source or not(Like
what Eclipse look now) and they can choose free manner or charge manner.
5, You are worried that my work will hurt you work:
-> You will get many users I am sure but as for it
-> hurting my work - more mature efforts have failed. I do honestly welcome
-> the challenge - it always inspires me to create new features :)
I guess you are worried that KeyStore Explorer will turn to use SecureX and your
earning will reduce?
If that's true, I must get off you worry:
You can add features to my SecureX framework and not evened to disclose you code(see
RCP Standard above) and make it charge :) My License won't prevent you from charge and won't
require to opensource.
My MSN is : scut_hzq@hotmail.com but i use it rarely.
Wait for you reply.
Wayne的回信讓我感到我在表述GPL的時(shí)候有誤,我感到有些慚愧,他提到他的KeyStore Explorer不可能
使用我的SecureX(如果我的SecureX被License為GPL),我檢查我上面的回信,確實(shí)是我寫錯了,我應(yīng)該
擔(dān)心的是GPL讓SecureX很難應(yīng)用于商業(yè)用途。
David,
>I do really have two worries:
>1. I hope sofeware is free, GPL's finally object is make more
>software free and
>opensource is just a measure.
If you use the GPL then nobody, including me, can use your work in a
non-open source project - I would have to make my own work GPL - which I
have no intentions of doing. My current work is closed source and will
remain so. If you use another open source license such as Apache or MIT
then the opposite is true - such licenses are more liberal when it comes to
commercial uses for software.
>After you make KeyStore Explorer a branch from
>original KeyTool GUI, it is you that firstly not follow the GPL, right? Of
>course, because you are the author, you are the owner, and you'll the
>authorize yourself to
>not follow.
That's correct - only the copyright owner can relicense GPL software. Note
that that meqans that I cannot relicense any of your work for my purposes.
>I must let anyone knows that my purpose is to make software free, and
>open is only a sort of means. I always hope that software should not PAY
>BEFORE
>USE.
That was my purpose for KeyTool GUI and why I chose the GPL - nobody but me
can relicense it.
>I am worried that follow GPL will let most of my future work serve your
>KeyStore Explorer(which is not open or free).
As I said above I cannot use any GPL code in my work. By using the GPL your
work will be protected. In addition I can assure you that I will not even
be looking at your code.
>5, You are worried that my work will hurt you work:
I am not worried. I welcome the competition.
> My MSN is : scut_hzq@hotmail.com but i use it rarely.
I have added you to my contacts list and should be online for much of today.
It sounds like we are getting closer to an understanding. You want to
protect your work and make sure it will always be free for others to use,
right? The solution appears to be to use the GPL. Which would be the best
thing to do anyway from a legal standpoint as no licenses would be broken.
Cheers,
- Wayne.
在中國,GPL跟Apache這兩種許可證,其實(shí)根本沒有人去關(guān)心,因?yàn)榇蟛糠秩硕际怯帽I版,
誰又會去關(guān)心許可證?
我承認(rèn)我使用了wayne的代碼,他寫了不少工具類,并且我使用了它們,如果因?yàn)镚PL阻止
了我選擇其他的License,我寧愿違反它。
Wayne后續(xù)的郵件我不方便公開,因?yàn)槲覀兙蚻icense這個(gè)問題上翻臉了,Wayne甚至這樣說:
I will not be rejoining any open source projects for KeyTool GUI or any
other projects. Why on earth would I want to give my work away for nothing?
I think that I have done enough already by writing KeyTool GUI in the
first place.
既然他已經(jīng)對開源不敢任何興趣,我又何必再跟他糾纏呢,他繼續(xù)寫他的商業(yè)軟件,我繼續(xù)
為我的SecureX添加新的功能,我的目標(biāo)并不是KeyStore Explorer, 我只是想讓更多人能使用
我的SecureX插件更方便地使用Java證書庫。