Changing GPGME's license

Posted 21 Jul 2003 at 09:57 UTC by werner Share This

gpgme is a library to make access to GnuPG easier and designed as a general crypto API for many crypto domains. I am currentling thinking whether we should switch from the GPL to the LGPL.

I general I believe that the GPL is the best tool to protect the freedom of our software. This is not limited to programs but also counts for libraries because they often provide large parts of the logic. Therefore the GNU project tries to keep libraries under the GPL and does only use the LGPL in certain situations.

The drawbacks of the LGPL (from a Free Software POV), is that it makes it easy for proprietary software to build on existing and well working Free Software code without granting the user the full freedom back. The LGPL basically requires that the LGPLed code must be made available under the LGPL but does not demand anything from the proprietary software; except the ability to be linkable against modified GPLed components. Thus it is easy to include worthy features in the proprietary code without changing LGPLed code. As an author of Free Software I am usually not too keen to see my code used in this way.

However, as stated by the FSF it sometimes makes sense to put code under LGPL. One valid reason would be code with many implementations (e.g. SSL), where a GPLed implementation is no incentive to be used by proprietary code. It is often hard to weight out the advantages and disadvantages of LGPLing code.

With respect to GPGME, I early decided that it is quite a unique interface to crypto backends (at least for applications requiring a C interface) with no real counterparts neither in the free nor in the non-free world. The PGP SDK clearly resembles the functionality of GPGME up to a certain level, but it is expensive and not widely used in proprietary software. I have always refused requests to change the license for the benefit of proprietary MUAs or even Free Software like Evolution. So most of the few MUAs with OpenPGP support went the not-that-elegant way of exec/forking gpg - something GPGME currently also does but with a clean high level interface on top.

I'd still hold up my reasoning if GPGME would be just one library to do foo stuff. But GnuPG (and thus GPGME) is more than just some Free Software tool for processing data. Based on PGP, GnuPG is also important for ensuring the right to communicate privately over computers without the fear of being spied on. Especially these days it is again more and more important to have means to secure ones own communication.

It is realistic to believe that we can't abolish proprietary software entirely in the next years. Thus we have to live with proprietary systems, especially MUAs, for the time being. I can image that GPGME, distributed under the LGPL, would be an incentive to some vendors to add OpenPGP functionality to their products. From a crypto rights POV, this seems to be a sound decision. Another important advantage, we should not forget about, is that an LGPLed GPGME helps Free Software which is not compatible to the GPL.

OTOH, my company has put quite some money on the development of GPGME and is employing Marcus for maintaining it. We don't make any revenues from GPGME development and it is questionable whether a new license will change this at all. At least proprietary products could gain benefits from such a change and in-house applications would also save a substantial amount of money when not using PGP's SDK. Therefore I think it is fair to ask for a one-time financial compensation to change the license.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

Share this page