GPLv3 question

@DokMar 31.2008

Hello all

If this is not the right forum any hints as to where I should pose my questions are welcome.

I have some trouble understanding various aspects of the GNU GPLv3 license found at ~~[url]~~http://www.gnu.org/licenses/gpl.html[/url] . I’ve read the FAQ but I am still a little confused.

If a PHP script is generating some JavaScript which uses functions released under GPLv3 does the PHP script then fall under the GPLv3 license? The license says that whatever you build upon other code which is GPLv3 must also be GPLv3. If the PHP does fall under the GPLv3 then you would have to make the PHP source available. This seems counterintuitive as that would be a major security breach. Does anyone know?

Any help is appreciated

to post a comment

PHP

7 Comments(s) _↴

@NogDogMar 31.2008 — #As I understand it (but I am not a lawyer!), yes, your PHP program would need to be GPL'd. That does not mean that you, personally, have to give the source code away; but it does mean that you must supply the source code with any distribution (which you do by default anyway with PHP unless you use an code encrypter of some sort), and that you cannot prohibit anyone who has that source code from freely distributing it as they desire (as long as the original source code and the license are part of that distribution).

As far a security issues, in what respect do you see this as a problem?

@scragarMar 31.2008 — #doesn't the GPL apply the other way? Programs built on the javascript would have to be open source, but programs that build it(like your PHP) or compile it would not need to be under the GPL.

@SyCoMar 31.2008 — #I'm not 100% myself but here's how I understand it.

You get this code that's been GPL'd

[code=html]//released under GPLV3 License
 //http://www.gnu.org/licenses/gpl-3.0.html
 //author The Dude
 <script type="text/javascript">
 <!--
 alert('boo');
 //-->
 </script>[/code]

and you modify it in some way

[code=html]
 //released under GPLV3 License
 //http://www.gnu.org/licenses/gpl-3.0.html
 //Original author The Dude
 //Modified by me
 <script type="text/javascript">
 <!--
 setInterval("alert('boo')",500);
 //-->
 </script>[/code]

You don't need to give up all your PHP, because you got some javascript. To honour the GPL you must give access to the modified code your originally obtained under the GPL. If it's Javascript you are probably giving it away in the browser source and that is sufficient. If you modify it you must say so.

If it was server side like PHP you need to post the source of the modified script with changes attributed to the author (or if you didn't change it, the unmodified script) on your website or in your application give mention that the source is available on request.

There are no security risks if you write your scripts well. Here's a simplistic example.

You have a page that receives GET vars and you're worried about someone calling the URL and trying to crack your site. You can use a secret key and add an md5() hash in the URL to check against the key.

So if you added the key idea to a script released under the GPL, you still need to reveal the new code but not the secret key itself. $key='XXXX'; would be fine. Crackers can post get strings all day to your server and if you have a 128 character random key, they will not crack it in your life time. How about generating a 128 char random length string and storing it in a text file to parse and generate your key and changing it every hour. No way anyone is getting that, well maybe the NSA. ?

What make the GPL cool is now everyone benefits from your improved security feature and you shared it freely. If you don't want to share your modified code, don't used GPL'd code. Simple as that.

Post threads with security concerns here and someone will help secure your scripts.

Not getting it right can result in legal proceedings so if you're worried, consult a lawyer or contact the Free Software Foundation for clarification.

@DokauthorApr 01.2008 — #As far a security issues, in what respect do you see this as a problem?[/QUOTE]If users could request the PHP source just because it outputs some GPL'd JavaScript that would be very uncool.

Only thing GPL in this scenario is the JavaScript. My PHP source is merely fetching the GPL'd code from a database and displying it in a generated XHTML file.

@SyCoApr 01.2008 — #Did you read my post?

If you use GPL'd code you are agreeing to a legal contract. You clearly don't understand it so I would advise speaking to a lawyer, or contact the Free Software Foundation for advice.

If you get a definitive anwswer please come back here and post it so we can all benefit. Thanks

@DokauthorApr 01.2008 — #Did you read my post?[/QUOTE]Yes.

I will write OSF and post back if they answer. Thanks for your time.

@NogDogApr 02.2008 — #Yes.

I will write OSF and post back if they answer. Thanks for your time.[/QUOTE]
Yeah, I'd like to know, too. The more I try to read their site, the more confused I get. I'm starting to think all you are required is to make sure the full original source for the JavaScript code in question is provided, along with a copy of the GPL license that comes with it. But I wouldn't be surprised if I was wrong and still confused by their legalese - I guess we have lawyers and their refusal to use plain English to thank. :rolleyes:

Also in #PHP _↴

Post data not getting through to mailer difference between phpmyadmin and mysql workbench PHP Redirect Issues. Help would be eternally appreciated. :)

Success!

Help @Dok spread the word by sharing this article on Twitter...

Tweet This

GPLv3 question

7 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

GPLv3 question

7 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

7 Comments(s) _↴

Also in #PHP _↴