From 9fd865b7637cbbc8088574d1c112643411849601 Mon Sep 17 00:00:00 2001 From: brectanus Date: Tue, 29 Jul 2008 04:43:59 +0000 Subject: [PATCH] Add the licensing exception (a text version). --- CHANGES | 15 ++++-- LICENSE_EXCEPTION | 124 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+), 4 deletions(-) create mode 100644 LICENSE_EXCEPTION diff --git a/CHANGES b/CHANGES index 5f4b15a5..255244f0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -25 Jun 2008 - 2.5.6 +28 Jul 2008 - 2.5.6 ------------------- +* Transformation caching is now off by default as it may not be appropriate + in all environments. + * Fixed an issue with transformation cache using the original value when the last transformation in a chain did not modify the value. This fixes the potential match failure due to a failed transformation. @@ -15,10 +18,14 @@ maxitems: Max number of items to cache (default 1024) incremental: Whether to cache incrementally (default off) -* Transformation caching is now off by default as it may not be appropriate - in all environments. +* Added an experimental regression testing suite. The regression suite may + be executed via "make test-regression", however it is strongly advised + to only be executed on a non-production machine as it will startup the + Apache web server that ModSecurity is compiled against with various + configurations in which it will run tests against. -* Added an experimental regression testing suite. +* Added a licensing exception so that ModSecurity can be used in a derivative + work when that derivative is also under an approved open source license. 05 Jun 2008 - 2.5.5 diff --git a/LICENSE_EXCEPTION b/LICENSE_EXCEPTION new file mode 100644 index 00000000..9f7eb622 --- /dev/null +++ b/LICENSE_EXCEPTION @@ -0,0 +1,124 @@ +ModSecurity Licensing Exception + +Version 1.0 draft 5, 18 June 2008 + +As a special exception ("Exception") to the terms and conditions of version 2 of the +GPL, Breach Security, Inc. hereby grants you the rights described below, provided +you agree to the terms and conditions in this Exception, including its obligations and +restrictions on use. + +Exception Intent + +We want specified Free/Libre and Open Source Software ("FLOSS") programs to be +able to use ModSecurity (the "Program") despite the fact that not all FLOSS licenses +are compatible with version 2 of the GNU General Public License (the "GPLv2"). + +Legal Terms and Conditions + +You are free to distribute a Derivative Work that is formed entirely from the Program +and one or more works (each, a "FLOSS Work") licensed under one or more of the +licenses listed below in section 1, as long as all of the following conditions are met: + +1. You obey the GPLv2 in all respects for the Program and the Derivative Work, + except for identifiable sections of the Derivative Work which are + + 1. not derived from the Program, and + + 2. are not designed to interact with the Program, and + + 3. which can reasonably be considered independent and separate works in + themselves. + +2. All such identifiable sections of the Derivative Work are + + 1. distributed subject to one of the FLOSS licenses listed below, and + + 2. the object code or executable form of those sections are accompanied + by the complete corresponding machine-readable source code for those + sections on the same medium and under the same FLOSS license as the + corresponding object code or executable forms of those sections. + +3. Any works which are aggregated with the Program or with a Derivative Work + on a volume of a storage or distribution medium in accordance with the + GPLv2, can reasonably be considered independent and separate works in + themselves which are not derivatives of either the Program, a Derivative Work + or a FLOSS Work, and are not designed to interact with the Program. + +If the above conditions are not met, then the Program may only be copied, modified, +distributed or used under the terms and conditions of the GPLv2 or another valid +licensing option from Breach Security, Inc. + + +1. FLOSS License List + +License name Version(s)/Copyright + Date + +Academic Free License 2.0 +Apache Software License 1.0/1.1/2.0 +Apple Public Source License 2.0 +Artistic license From Perl 5.8.0 +BSD license "July 22 1999" +Common Development and Distribution License (CDDL) 1.0 +Common Public License 1.0 +Eclipse Public License 1.0 +GNU Library or "Lesser" General Public License (LGPL) 2.0/2.1 +Jabber Open Source License 1.0 +MIT License (As listed in file MIT-License.txt) - +Mozilla Public License (MPL) 1.0/1.1 +Open Software License 2.0 +OpenSSL license (with original SSLeay license) "2003" ("1998") +PHP License 3.0 +Python license (CNRI Python License) - +Python Software Foundation License 2.1.1 +Sleepycat License "1999" +University of Illinois/NCSA Open Source License - +W3C License "2001" +X11 License "2001" +Zlib/libpng License - +Zope Public License 2.0 + +Due to the many variants of some of the above licenses, we require that for any +version of the listed FLOSS licenses to qualify under this exception, it must follow +the 2003 version of the Free Software Foundation's Free Software Definition +(http://www.gnu.org/philosophy/free-sw.html) or version 1.9 of the Open Source +Definition by the Open Source Initiative +(http://www.opensource.org/docs/definition.php). + + +2. Definitions + + 1. Terms used, but not defined, herein shall have the meaning provided in the + version 2 of the GPL. + + 2. Derivative Work means a derivative work under copyright law. + + +3. Applicability + +This Exception applies to all Programs that contain a notice placed by Breach +Security, Inc. saying that the Program may be distributed under the terms of this +Exception. If you create or distribute a work which is a Derivative Work of both the +Program and any other work licensed under the GPL, then this FLOSS Exception is +not available for that work; thus, you must remove the FLOSS Exception notice from +that work and comply with the GPL in all respects, including by retaining all GPL +notices. + +You may choose to redistribute a copy of the Program exclusively under the terms of +the GPLv2 by removing the Exception notice from that copy of the Program, provided +that the copy has never been modified by you or any third party. + + +Appendix A. Qualified Libraries and Packages + +The following is a non-exhaustive list of libraries and packages which are covered by +the Exception when they are licensed under one or more of the licenses listed above. +Please note that this appendix is merely provided as an additional service to specific +FLOSS projects who wish to simplify licensing information for their users. +Compliance with one of the licenses noted under the "FLOSS license list" section +remains a prerequisite. + +Package name Qualifying License and Version + +Apache HTTP Server Apache Software License 2.0 +Apache Portable Runtime (APR) Apache Software License 2.0