Subject: Re: License Question
From: Brian Behlendorf <brian@collab.net>
Date: Fri, 1 Jun 2001 18:59:13 -0700 (PDT)


Sorry for the delay on this; I was offline for much of last month, coming
back online in time to discover apache.org had been compromised, and
needed a cleansing...

On Tue, 15 May 2001, Crispin Cowan wrote:
>    * Apache:  the Apache license  http://www.apache.org/LICENSE.txt says
>      that it can be redistributed in source and binary form, and does
>      not discuss whether fees may be charged for the files.  It does say
>      that "Products derived from this software may not be called
>      "Apache",nor may "Apache" appear in their name."  Is our immunized
>      Apache a derived product, and we may not call it "Apache"?  Or is
>      it actually Apache per se, and this clause does not bear on us?  Do
>      you have an opinion on whether our approach is compatible with the
>      Apache license?

The intent behind the clause was to prevent someone from calling their
product (that is, the title of the SKU, the book, what is listed in a
catalog, etc) something with the word "Apache" in it, e.g. "ApachePro",
"Apache++", "Apache for Experts/Dummies", etc.  Seeing what had happened
to the Linux brand name we feel pretty justified in that conservatism.  =)

If you are selling a product called "Immunix/OS", that's cool.  If you say
"This product includes 'hardened' versions of Apache 1.3 and ....", also
cool.  If you were selling a product called "ImmunizedApache" or
"Secure Apache" or "Hardened Apache", then you'd need a waiver to that
agreement granted by the ASF, which we've done on occasion for people who
have been significant contributors (e.g., Ken Coar's "Apache for Dummies"
book).

Slightly more broadly, we've had a couple cases where people have created
tarballs of Apache code plus a whole bunch of other modules and settings,
and released those as "apache", and the bug reports came back to us.
So, technically, .rpm's called "apache_1.3.20.rpm" that aren't
released by the ASF are not legal, but we don't enforce that.  We're
working on a set of guidelines for what third-party packagers must do to
call their package "apache-*" and not risk our wrath.  =)

Hope this helps.

	Brian