mod-security license changes

Skip to first unread message

Marco Gatti

Aug 7, 2008, 9:00:21 AM8/7/08
Few days ago it has been released a new version of ModSecurity
( that contains licensing exceptions to
let Apache license and GPL license cooperate without problems.
ModSecurity was packaged in debian but it was removed due to this
license problems (see
Below you can see the licensing exceptions of the new version of
ModSecurity: do you think is now possible to have an official package
(well not in lenny of course)? Any volunteer?

Marco Gatti


Version 1.0, 29 July 2008

As a special exception ("Exception") to the terms and conditions of version 2
of the GPL, Breach Security, Inc. hereby grants you the rights described
below, provided you agree to the terms and conditions in this Exception,
including its obligations and restrictions on use.

Exception Intent

We want specified Free/Libre and Open Source Software ("FLOSS") programs to be
able to use ModSecurity (the "Program") despite the fact that not all FLOSS
licenses are compatible with version 2 of the GNU General Public License (the

Legal Terms and Conditions

You are free to distribute a Derivative Work that is formed entirely from the
Program and one or more works (each, a "FLOSS Work") licensed under one or
more of the licenses listed below in section 1, as long as all of the
following conditions are met:

1. You obey the GPLv2 in all respects for the Program and the Derivative
Work, except for identifiable sections of the Derivative Work which are

1. not derived from the Program, and

2. are not designed to interact with the Program, and

3. which can reasonably be considered independent and separate works in

2. All such identifiable sections of the Derivative Work are

1. distributed subject to one of the FLOSS licenses listed below, and

2. the object code or executable form of those sections are accompanied
by the complete corresponding machine-readable source code for those
sections on the same medium and under the same FLOSS license as the
corresponding object code or executable forms of those sections.

3. Any works which are aggregated with the Program or with a Derivative Work
on a volume of a storage or distribution medium in accordance with the
GPLv2, can reasonably be considered independent and separate works in
themselves which are not derivatives of either the Program, a Derivative
Work or a FLOSS Work, and are not designed to interact with the Program.

If the above conditions are not met, then the Program may only be copied,
modified, distributed or used under the terms and conditions of the GPLv2
or another valid licensing option from Breach Security, Inc.

FLOSS License List

License name Version(s)/Copyright Date
Academic Free License 2.0
Apache Software License 1.0/1.1/2.0
Apple Public Source License 2.0
Artistic license From Perl 5.8.0
BSD license "July 22 1999"
Common Development and Distribution License (CDDL) 1.0
Common Public License 1.0
Eclipse Public License 1.0
GNU Library or "Lesser" General Public License (LGPL) 2.0/2.1/3.0
Jabber Open Source License 1.0
MIT License (As listed in file MIT-License.txt) -
Mozilla Public License (MPL) 1.0/1.1
Open Software License 2.0
OpenSSL license (with original SSLeay license) "2003" ("1998")
PHP License 3.0
Python license (CNRI Python License) -
Python Software Foundation License 2.1.1
Sleepycat License "1999"
University of Illinois/NCSA Open Source License -
W3C License "2001"
X11 License "2001"
Zlib/libpng License -
Zope Public License 2.0

Due to the many variants of some of the above licenses, we require that for
any version of the listed FLOSS licenses to qualify under this exception, it
must follow the 2003 version of the Free Software Foundation's Free Software
Definition ( or version 1.9 of the
Open Source Definition by the Open Source Initiative


1. Terms used, but not defined, herein shall have the meaning provided in the
version 2 of the GPL.

2. Derivative Work means a derivative work under copyright law.


This Exception applies to all Programs that contain a notice placed by Breach
Security, Inc. saying that the Program may be distributed under the terms of
this Exception. If you create or distribute a work which is a Derivative Work
of both the Program and any other work licensed under the GPL, then this FLOSS
Exception is not available for that work; thus, you must remove the FLOSS
Exception notice from that work and comply with the GPL in all respects,
including by retaining all GPL notices.

You may choose to redistribute a copy of the Program exclusively under the
terms of the GPLv2 by removing the Exception notice from that copy of the
Program, provided that the copy has never been modified by you or any third

Appendix A. Qualified Libraries and Packages

The following is a non-exhaustive list of libraries and packages which are
covered by the Exception when they are licensed under one or more of the
licenses listed above. Please note that this appendix is merely provided as
an additional service to specific FLOSS projects who wish to simplify
licensing information for their users. Compliance with one of the licenses
noted under the "FLOSS license list" section remains a prerequisite.

Package name Qualifying License and Version
Apache HTTP Server Apache Software License 2.0
Apache Portable Runtime (APR) Apache Software License 2.0

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Reply all
Reply to author
0 new messages