Apache License更适合中国人

xiaoxiao2021-03-01  8

Apache License更适合中国人,正式迎接Wayer Grant的挑战

很久以前,我开始着手写一些基于Security的插件,由于我使用Eclipse,Eclipse插件似乎本身对我很有帮助,我在从事插件开发的同时,只是写一些很简单的基于BouncyCastle的工具类。有一天,我看到了Portecle, 它是KeytoolGUI的一个分支,我觉得它的功能跟KeyStore 2.4大同小异,版权信息表明,2004年以后Wayne Grant并没有再参与此软件的任何开发。Copyright © 2004 Wayne Grant            2004 Mark Majczyk            2004-2005 Ville Skyttä我着手在Protecle和KeytoolGUI的基础上编写一个安全插件,名为SecureX。Protecle和KeytoolGUI是基于Swing,我编写了一个跟他们几乎很相像的SWT使用界面(当然不少地方作了增强),我希望使用上述的copyright来发布该Eclipse插件,我这样想的理由有两个:

第一,SecureX不只是集成KeytoolGUI这个证书管理模块,而且还会集成签名,加密等模块,这样,我们将来开发界面应用的时候,我们开源队伍可以同步开发,只要我们按照Eclipse RCP规范,我们不存在任何的集成问题。第二,SecureX不希望使用GPL,而想使用Apache License。但由于Wayne Grant多次警告,如果我relicense(使用了他的代码于SecureX,并将SecureX重新定位于Apache License),他将对我采取法律行动。其实,GPL跟Apache License的最大区别是,GPL要求修改代码必须也遵守GPL,也就是说,如果我屈服于wayne, 将SecureX应用了GPL,其他人将无法将SecureX应用于商业用途,除非他们承诺他们的商业软件遵循GPL,你说可能吗:) 相比之下,Apache License更自由,它强调使用源代码的人不需要公开自己的源代码(修改后的源代码),也就是说,如果SecureX使用Apache License,SecureX的用户可以任意修改它,并且可以选择以源代码的方式或者二进制代码的方式发布他们自己的成果(他们唯一需要做的是——在他们的成果中声明使用了SecureX的代码).

我第一次向Wayne发邮件,邀请他他的回信如下:

Hello David,

Some guidance for you.

I have copyright over KeyTool GUI.  You therefore cannot call yourapplication "KeyTool GUI" or anything similar.  Lazgo Software has copyrightand trademark over "KeyStore Explorer" so you cannot call it that either.

KeyTool GUI is GPL software.  If your application contains code from KeyToolGUI then your application as a whole must obey the GPL license.  This meansthat you must release your own code as GPL and not under any other licenseterms.  The headers in the existing code must be left how you found them -that is with the GPL license and my copyright intact.

I have no wish to be listed as author of your application.  Simply state onyour web site and in the application that your application is based on afork of KeyTool GUI of which I am the copyright owner.  For an example seethe Portecle web site (http://portecle.sourceforge.net/) - Portecle issimilar to your app in that it is a fork of KeyTool GUI.

Let me know if you have any questions.

- Wayne.

----------------------------------

Dear Waner Grant:   I've written a Keytool Eclipse Plugin which support most features of KeyStore2.4.   As you know, KeyStore 2.4 is written in Swing, I rewirte yourapplication by SWT.So that it has a native look and more, I integrate my XML signature modulein thisapplication.   For more info, seehttp://dev2dev.bea.com.cn/bbs/thread.jspa?forumID=29304&threadID=31955&tstart=0   And i will publish this Eclipse Plugin in next two weeks. Becasue wannerGrantis the first author of this software, So I plan to use his name as firstauthor and mineas the second author.  Will this be reasonable?   Any Advice would be great appreciately.

Wayne的目的很简单,他要求我不能使用Keytool GUI或者KeyStore Explorer类似的名称, 并且他要求我必须使用GPL的许可证,这一点我非常不满,我于是回信给他,强调我要求relicense GPL。我知道我这样说有点对牛弹琴,因为他应该不会授权我relicense。

The shell is all written by me. And I will add signature and Watermark feature to this software,  I only use some Util Class of your KeyTool GUI such as KeyPairUtil, DigestUtil and X509CertUtil etc and of Course,I will not change the codeand the header of them! Feel ease if I don't plan to abidance by GPL :)  I like ApacheLicense only. The new release of SecureX Eclipse Plugin will all be free buti will opensource in the next release becasue the code is toobad:(

Beta SecureX plugin will be publish next week, so if you have moreadvice, please let me know.       regardsdavid

Wayne的回复同样让我感到很大的压力,除非我必须遵循GPL,否则我似乎无所作为:

David,

>I only use some>Util Class of your KeyTool GUI such as KeyPairUtil, DigestUtil>and X509CertUtil etc and of Course,I will not change the code>and the header of them!>>Feel ease if I don't plan to abidance by GPL :)  I like Apache>License only.

If an application contains GPL code then the whole application must be GPL.Your choices are:

1) to not use any of KeyTool GUI code in your application2) or to license your application through the GPL.

To do anything else will break the terms of the GPL license that protectKeyTool GUI - you will be breaking the law.  You can check this for yourselfin the GPL license - http://www.gnu.org/licenses/gpl.html.  Section 2 b isthe relevant part:

"You must cause any work that you distribute or publish, that in whole or inpart contains or is derived from the Program or any part thereof, to belicensed as a whole at no charge to all third parties under the terms ofthis License."

Basically you are deriving something from KeyTool GUI code that is GPL -even if you are only using a couple of files they are covered by the GPLlicense and anything they are used for must also be GPL as a whole.

If you go ahead and any KeyTool GUI code within your application and do notlicense it as GPL then I will be forced to take action.  The reason I choseGPL as the license was to protect it from being re-licensed.

>The new release of SecureX Eclipse Plugin will all be free but>i will opensource in the next release becasue the code is too>bad:(

Again you cannot do this under the terms of the GPL - if you release a GPLproject then the source code must be available.  I believe the same applieswith Apache.

Get in touch if you have any questions.

Cheers,

既然我必须遵循GPL,我只能学微软的肮脏招数——模仿,并且声明我会重写他的所有类,同时,我明确,China跟USA的国情有所不同,我完全有能力选择Apache License而绕过源代码创建者的授权(授权我Relicense)。我的回信如下:

Wayne:>If you go ahead and any KeyTool GUI code within your application and do not>license it as GPL then I will be forced to take action.  I do think there must be some difference between countries, And when worked in USA, GPL should be respected but what about in Other Countries that have no law about GPL :) >The new release of SecureX Eclipse Plugin will all be free but>i will opensource in the next release becasue the code is too>bad:( What I mean is that i won't released source code that related your Keytool GUI until I entirely rewrite your util class(KeyPairUtil, DigestUtil and X509CertUtil). Btw,  I don't think KeyStore 2.X or 3.X can continued well when my free released of SecureX upgrade to 2.0(now it is 0.9, 1.0 next two week) in which I plan to integratedmore features. Another question:  Should GPL prevent you from released KeyStore 2.4 from KeyTool GUI? Wayne, take it easy,  just Debate promote Understanding and Collaboration......  Can you tell me which ACTION will you take to?

Wayne的回信让我感到振奋,他提到我的plan work只限制用于于Eclipse,意义不大,并且他说Portcele和JKeyManager都没有超越过他的工作——KeyStore Explorer。他承认我的工作将会损害他的商业利益,但他将会迎接这种挑战。最后,他他的观点同样尖锐——不能修改GPL,除非不要使用他的代码。

David,

>I do think there must be some difference between countries, And when worked>in>USA, GPL should be respected but what about in Other Countries that have no>law about GPL :)

I don't want to get into a debate about software licenses and law.  Nobodyis going to sue you no matter what happens - it would serve no purpose.  AllI am asking is that you obey the existing software licenses for my code.  Itis GPL and therefore cannot be relicensed to anything else except by thecopyright holder - that is, me.  Others have created forks of the KeyToolGUI soure and respected this (for example see, Portecle).  I appreciate thatyou have gotten in contact with me about what you are doing.  However, youdid ask for my advice and I have advised you not to break the existinglicense.  GPL is still open source so why not use it?

> >The new release of SecureX Eclipse Plugin will all be free but> >i will opensource in the next release becasue the code is too> >bad:(>

>Btw,  I don't think KeyStore 2.X or 3.X can continued well when my>free released of>SecureX upgrade to 2.0(now it is 0.9, 1.0 next two week) in which I plan to>integrated>more features.

David, others have tired (Portcele, JKeyManger) and none have succeeded insurpassing my latter work.  I wish you every success with your work but yourprediction of 90% coverage of features is an exaggeration even with yourplanned work.  In addition you are limiting your audience by writing aplug-in for Eclipse.  The bulk of my current users do not even know whatJava is far less Eclipse.  You will get many users I am sure but as for ithurting my work - more mature efforts have failed.  I do honestly welcomethe challenge - it always inspires me to create new features :)

>Another question:  Should GPL prevent you from released KeyStore 2.4 from>KeyTool GUI?

As I own the copyright to KeyTool GUI I can decide what license to releaseit under.  It is my own work after all :)

>Wayne, take it easy,  just Debate promote Understanding and>Collaboration......

No problem - I will discuss this with you as long as you require.  I wishyou no ill will - I am simply attempting to protect my open source work.

>Can you tell me which ACTION will you take to?

I hope to take no action.  I am happy for you to build on as much of my opensource work as you like.  I have had no problem with others building on theold GUI and utility classes - but they did obey the license.  As you say youonly require the use of a couple of crypto utility classes.  All I requireis your agreement that you will license as GPL or not use my code.

I truely hope we can resolve this matter.

Talk to you soon.

Cheers,- Wayne.

面对Wayne的软硬兼施,我的言辞可能过于刻薄,并且我本人可能对收费软件过于介意,于是开始回击:

Wanye,       I do really have two worries:       1. I hope sofeware is free, GPL's finally object is make more software free and opensource is just a measure.  After you make KeyStore Explorer a branch from  original KeyTool GUI, it is you that firstly not follow the GPL, right? Of course, because you are the author, you are the owner, and you'll the authorize yourself to not  follow.      2. I checkout the protecle project( http://portecle.sourceforge.net/) which you recommend, and i started to agree what you said:->David, others have tired (Portcele, JKeyManger) and none have succeeded in _>surpassing my latter work.      Protecle is just KeyTool GUI 1.7 and add only jar sign, little features are added. Andmost important, it doesn't provide a native look. What's that mean? It means that when my OS is using GBK, Protecle and KeyTool GUI 1.7 can not display correctly.      3. You say that:-> In addition you are limiting your audience by writing a plug-in for Eclipse.      I forgot to tell you, that you make are wrong, I am writing SecureX follow the RCP standard so that it can work as Eclipse Plugin or work stand alone. That means I can let my audience to useSecureX even they don't have Eclipse installed.       Please Check : http://wiki.eclipse.org/index.php/Rich_Client_Platform     4. You suggested that -> I hope to take no action.  I am happy for you to build on as much of my open-> source work as you like.  I have had no problem with others building on the -> old GUI and utility classes - but they did obey the license.  As you say you-> only require the use of a couple of crypto utility classes.  All I require-> is your agreement that you will license as GPL or not use my code.      I must let anyone knows that my purpose is to make software free, and openis only a sort of means. I always hope that software should not PAY BEFORE USE.I am worried that follow GPL will let most of my future work serve your KeyStore Explorer(which is not open or free).     And when i and my teammates added more features on SecureX, it means thatthis RCP framework standarded has enought features, I will open the framework (2.0 version)so that others can plugin their secure feature into SecureX framework(thty only neededto follow the RCP Plugin standarded) and they can choose open their source or not(Like what Eclipse look now) and they can choose free manner or charge manner.      5, You are worried that my work will hurt you work:-> You will get many users I am sure but as for it-> hurting my work - more mature efforts have failed.  I do honestly welcome-> the challenge - it always inspires me to create new features :)     I guess you are worried that KeyStore Explorer will turn to use SecureX and yourearning will reduce?     If that's true, I must get off you worry:     You can add features to my SecureX framework and not evened to disclose you code(see RCP Standard above) and make it charge :) My License won't prevent you from charge and won'trequire to opensource.        My MSN is : scut_hzq@hotmail.com but i use it rarely.

    Wait for you reply.

Wayne的回信让我感到我在表述GPL的时候有误,我感到有些惭愧,他提到他的KeyStore Explorer不可能使用我的SecureX(如果我的SecureX被License为GPL),我检查我上面的回信,确实是我写错了,我应该担心的是GPL让SecureX很难应用于商业用途。

David,

>I do really have two worries:>1. I hope sofeware is free, GPL's finally object is make more>software free and>opensource is just a measure.

If you use the GPL then nobody, including me, can use your work in anon-open source project - I would have to make my own work GPL - which Ihave no intentions of doing.  My current work is closed source and willremain so.  If you use another open source license such as Apache or MITthen the opposite is true - such licenses are more liberal when it comes tocommercial uses for software.

>After you make KeyStore Explorer a branch from>original KeyTool GUI, it is you that firstly not follow the GPL, right? Of>course, because you are the author, you are the owner, and you'll the>authorize yourself to>not follow.

That's correct - only the copyright owner can relicense GPL software.  Notethat that meqans that I cannot relicense any of your work for my purposes.

>I must let anyone knows that my purpose is to make software free, and>open is only a sort of means. I always hope that software should not PAY>BEFORE>USE.

That was my purpose for KeyTool GUI and why I chose the GPL - nobody but mecan relicense it.

>I am worried that follow GPL will let most of my future work serve your>KeyStore Explorer(which is not open or free).

As I said above I cannot use any GPL code in my work.  By using the GPL yourwork will be protected.  In addition I can assure you that I will not evenbe looking at your code.

>5, You are worried that my work will hurt you work:

I am not worried.  I welcome the competition.

>     My MSN is : scut_hzq@hotmail.com but i use it rarely.

I have added you to my contacts list and should be online for much of today.

It sounds like we are getting closer to an understanding.  You want toprotect your work and make sure it will always be free for others to use,right?  The solution appears to be to use the GPL.  Which would be the bestthing to do anyway from a legal standpoint as no licenses would be broken.

Cheers,- Wayne.

在中国,GPL跟Apache这两种许可证,其实根本没有人去关心,因为大部分人都是用盗版,谁又会去关心许可证?我承认我使用了wayne的代码,他写了不少工具类,并且我使用了它们,如果因为GPL阻止了我选择其他的License,我宁愿违反它。

Wayne后续的邮件我不方便公开,因为我们就license这个问题上翻脸了,Wayne甚至这样说:

I will not be rejoining any open source projects for KeyTool GUI or anyother projects.  Why on earth would I want to give my work away for nothing? I think that I have done enough already by writing KeyTool GUI in thefirst place.

既然他已经对开源不敢任何兴趣,我又何必再跟他纠缠呢,他继续写他的商业软件,我继续为我的SecureX添加新的功能,我的目标并不是KeyStore Explorer, 我只是想让更多人能使用我的SecureX插件更方便地使用Java证书库。

转载请注明原文地址: https://www.6miu.com/read-3200132.html

最新回复(0)