
Someone asked me in email why I said on coderpunks & cypherpunks:
If one is interested to encourage people to include crypto in their applications, GNU style licenses are a step in the wrong direction.
And as I wrote a longish explanation, I thought I'd share it:

Here is the problem: say that our goal is to maximise deployment of software with crypto built in, especially commercial software. So people write libraries and software, say, like Eric Young's SSLeay, or Werner Koch's GNUPG (OpenPGP implementation). Some of these people then use the GNU license because that is the friendly net ethos of the way to do it. (And in general I agree, but there is a conflict here...)

So now the license on the libraries or software that they've written (specifically to encourage commercial companies to add crypto) is evaluated by the prospective company's lawyers. The lawyer observes that the GNU license says:

1) thou shalt adopt the GNU license for your whole source tree, if there is one line of GNU derived code in it. (or words to that effect).

And he goes ... hmmm ... so what else does the GNU license say if we put our source under the GNU license. It also says:

2) source shall be available for shipping and handling fee only (or words to that effect)

and he grumbles, and maybe causes the project to be scrapped, if the company has ideas on keeping source code secret (though we all know this is not a good idea, especially for crypto code, such companies exist; these are the parameters we are mostly working within).

So if the project is still ok by the lawyer, he examines the license some more, and it says:

3) it shall be allowed for anyone to take and re-distribute any GNU software charging what they like. (or words to that effect)

And he goes (floating point exception... core dumped!) because it means that his company's software can be legally copied and re-sold with no financial benefit to his company.

Which is why companies won't touch GNU license stuff with a barge pole.

Note that there are two licenses promoted by the FSF: the GPL (GNU General Public License) and the GNU LGPL (GNU Library General Public License).
The GNU LGPL is, as I commented in an earlier post, just about usable for commercial purposes, because it does not infect the source tree using the code with the LGPL (or GPL): it allows specifically for providing only the code for the library and not the rest of the code, and does not demand that the rest of the code use the same license.

However, Werner is using the GPL for G10 aka GNUPG (at least as of g10-0.0.0, which is the version I have).

So the plea is, if you are going to use GNU, at least use LGPL and NOT GPL.

Well, it's your code, and you wrote it, so it's your choice: my comments are based on the assumption that the author is more interested in crypto deployment than in the GNU license virus as a means of promoting the availability of source code.

Adam