Monday, June 2, 2008

GPL Project Watch List for Week of 05/30

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 24th through May 30th, 2008.

This Week:

  • New Projects
  • Clipperz Follow Up
  • AGPL v3 Hits 100 Projects
  • User Contributions

Congrats to the Grads
For those of you in school or have children that are, graduation has just passed for some or is soon approaching. We would like to congratulate all the graduates and wish you the best of luck in you career, especially if it involves open source *wink*.

This week our GPL v3 projects has grown to 2471 GPL v3 projects, which is in increase of 44 new GPL v3 projects. Our AGPL v3 count has just hit its first benchmark of 100 AGPL v3 projects, with the 5 new AGPL v3 projects that were added over the past week. And lastly, the LGPL v3 count is now at 236 LGPL v3 projects, in increase of 16 new LGPL v3 projects.



















New project conversions this week include:
  • pion-platform: a development platform for Complex Event Processing (CEP)
  • freyrms: Based on OdinMS, FreyrMS strives to improve the functionality of the OdinMS Project.
  • domac: text edit/macro language, similiar to awk,sed, or m4. It can be embedded in other languages and allows comments anywhere, even inside instructions.

Follow up:
What is "zero-knowledge", and what does it mean to the growth of web services and information security?
From Marco Barulli, Clipperz

Dear Ernest, I'm happy to inform you that Richard Stallman finally agreed with the

"call for action" that I published on the Clipperz blog today.

It's a three step plan that combines free software (AGPL)

and the
zero-knowledge architecture.

http://www.clipperz.com/users/marco/blog/2008/05/30/freedom_and_privacy_cloud_call_action
I am glad to say that you saw it here first.

Is this important? Sure it is. Marco Barulli is taking the risk of blazing the trail for web services developers to come. Is AGPLv3 the right license? Who knows. Is "zero-knowledge" the right architecture? Maybe yes, maybe no.
  • Zero-knowledge architecture is a web services framework in which secure information is distributed only to the endpoint, the service, through a secure and reliable framework that does not allow disclosure or residual existence of any user specific information.
  • In a service framework, providers enabling the connection from a user to the target service may have access to secure and potentially user specific data.
  • The zero knowledge architecture is one in which programmatic architecture and tools are put in place to hide and encrypt data in a format only usable by the intended service.
  • The AGPLv3 assures that the architecture and the source code is transparent and available for scrutiny, thereby insuring a clear implementation of secure practice that can be monitored and verified by the community.
  • While we as users get in the practice of complacency and trust, the idea of "zero-knowledge" allows the user to validate the secure and reliable implementation of security and data protection practices.
An interesting key point is the browser, our gateway to an OS neutral world of services.
  • The browser would need to let the user control how web service code, in this case, Javascript, is loaded, validated and run. While I can go into more detail here, Mr. Barulli does an excellent job of explaining here.
What is new here?
Clipperz is trying to provide an architectural guideline for how to develop and deploy web services that have an inherent high security, and a set of tools as a valuable starting point. Additionally, the idea that a user does not have to trust the developer or service provider for the protection of private data is smart. Is this novel? No. Is it needed? Of course. "Zero-knowledge" architecture is based on old ideas applied to a new web services paradigm. Trust nobody, encrypt, and double check everything. Clippers and the zero-knowledge concept is an old idea finding a proper place to start talking about transparent architecture which puts the responsibility of information security in the hands of the users. Is it perfect? Maybe yes, maybe no. It is licensed under AGPLv3, so Marco Barulli is inviting the community to grow what he started. Simple idea, great initiative. Well done.


AGPL v3 Hits 100 Projects
As stated in our project summary, the AGPL v3 has hit 100 projects by our count as of this week. This is an important benchmark for the license, seeing as it was uncertain if projects would want to adopt this derivative of the GPL3. 100 projects is by no means a large support group, out of the hundreds of thousands of projects, but it is a first step. This benchmark shows that the extra clause in the AGPL v3 that closes the ASP loophole, which requires "software as a services" to also release its code modifications is an important issue. Hitting this benchmark along with Clipperz proposed AGPL suite might just act as a catalyst to make the AGPL v3 a significant license in the open source community.


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through our web interface:

****************************************************************************
Sinatra


Description:
Sinatra is a free karaoke game for GNU/Linux. Sinatra puts your voice on top of the note sheet and gives you score for matching it good. Beat your own scores or battle in a duet, trio or quartet with friends and several microphones and sound cards. Sinatra was released February 16.

Newest Release:
Sinatra 1.0
****************************************************************************
We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard

The GPL3 project, sponsored by Palamida, Inc (http://palamida.com ), is an effort to make reliable publicly available information regarding GPLv3 license usage and adoption in new projects. The work published on both sites listed below is licensed This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License .

For more information, go to http://gpl3.blogspot.com.
To stop receiving these weekly mailings, please send a message to rdgroup@palamida.com with the subject "unsubscribe".



No comments: