Closed: burntout closed this issue 10 years ago
Hmm. That's a good point. I'll think this over. I have also just debated using the 2-clause BSD license. I'll think this over, and chew on it.
After considering this all night, and researching the differences between all of the "copyleft" licenses, I agree that the AGPL v3 is the appropriate license for this application. The AGPL v3 addresses the "application service provider", or ASP, loophole found in the GPL v3 proper. In basic terms, a server administrator could take GPL-licensed software, make modifications to the software, and host the software on his server, without releasing the source, because technically, he is not distributing the software.
The AGPL addresses this by forcing server and network service administrators to publish their source code changes, if they are using those changes in the service. Because this is a cryptographic web application, transparency between the end user and the server administrator should be as clear as possible. The level of trust that the user is placing in the server administrator, if they are not running their own instance, needs to be high. By licensing this software under the AGPL v3, the server administrator is bound by the copyleft license to release any code changes that they make to the software.
Because this is a cryptographic web application, I initially chose the strong copyleft GPL to prevent the cryptographic app from going proprietary. I know that OpenBSD developers will disagree with me, but I just can't find any benefit to letting a security application go proprietary. As much as I love the BSD and MIT licenses, even the LGPL, they don't fit here. I need to enforce that the application respects users' freedoms, and attempts to make server administrators responsible for their code modifications through transparency.
The Affero GPL v3 is a good fit here.
Consider relicensing as AGPL v3 http://www.gnu.org/licenses/agpl-3.0.html , as this will provide a network service