I ran into a bit of an issue with this library being licensed under the GPL-3.0; currently I'm in the process of releasing some code as open source under a (likely to be) more permissive license (e.g. MIT/BSD-3), but while reviewing libraries, I realized that one of the examples for how to write a plugin uses checksec.py as a dependency. As a result of the GPL license being infectious, I believe that means we are effectively being forced to release the software (or the example plugin) under the GPL-3.0 license as well.
Unless the goal by choosing the GPL license for checksec.py is to completely block any closed-source (written in Python, heh) commercial products from being released, LGPL seems like it would be a better fit to ensure changes commercial software makes to checksec.py are available to their users, while not making a complicated mess to figure out licenses for other open source projects that use it as a dependency (and thus their users).
That said, in our case given that it is a plugin example (completely optional and easy to pull out into its own separate repository), our workaround is probably going to be to release just that plugin example as a whole under the GPL-3.0 to satisfy the checksec.py license requirements, but with the code we wrote for the plugin example (which is all of it since it uses a pip installed copy of checksec.py as a library) under a permissive license so our users can freely use the example code we wrote without being affected by the virality of the GPL-3.0 (unless they also use checksec.py as a dependency for their plugin).
The other possibility is that we keep that example plugin as internal only, though that seems like a lose-lose situation all around.