Hi ASF legal team, I'm writing this email in hopes of getting your feedback concerning a discussion we've been having on the JSecurity email list (an Incubator project).
A few of our mentors have expressed concern that there might be a possible naming conflict with our project name (JSecurity) and some other references found through google and other search mechanisms. I'd like to point out that the JSecurity name, as an open source project identity has been around for almost 4 years now, with zero contact from any external entity claiming conflict with a proprietary name or product. I know this isn't legal criteria for determining if there is a name conflict, but I surface it only to put some context of why the original JSecurity developers (and our well-established communities) think we should keep the JSecurity name. There might be older references to this name, unrelated to our project, but we don't know for certain if they would constitute a risk in the name overlap. We'd like some feedback as to if the project name should be changed or not. Here is what one of our mentors summarized after doing some research: <snip> Now, looking a bit forward on google, here are some other references to JSecurity : http://jwicglobal.com/Knowledge.htm <http://jwicglobal.com/Knowledge.htm> "WIC GLOBAL has developed a comprehensive Information Security Assessment service called JSecurity. Our JSecurity experts will conduct a full information security risk assessment focusing on:" http://www.juniper.net/security/ <http://www.juniper.net/security/> Seems like they have a service called J-Security. Be sure that Juniper has a legal service who might perfectly well send some nicely written "cease and desist" letter to the ASF about this name. Not sure that our legals want to deal with that ... http://www.jegers.com/dnn/Products/JPortfolio/tabid/83/Default.aspx <http://www.jegers.com/dnn/Products/JPortfolio/tabid/83/Default.aspx> Another JSecurity... Seems to be around since 2/11/2005 (at least) http://www.powerlogic.com.br/powerportal/ecp/files.do?evento=download&urlArqPlc=fld_jc_produc_ing_web2.pdf <http://www.powerlogic.com.br/powerportal/ecp/files.do?evento=download&urlArqPlc=fld_jc_produc_ing_web2.pdf> This company has a product named JSecurity. Since when ? As much as I like the JSecurity name, I also think that we are un potential jeopardy if we don't change its name. That's the main issue we have : we can't afford any kind of legal action when we already know that there are company out there which already use this name. Anyway, I can be wrong, I'm just trying to gather as much information as possible. When you guys think you have set your mind about this name, you will have to go to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> with the selected name (be it JSecurity or any other) to double check that it's ok or not (IFAIK). That is one of the condition to exit from the incubator : "Check of project name for trademark issues " (http://incubator.apache.org/incubation/Incubation_Policy.html#Minimum+Graduation+Requirements <http://incubator.apache.org/incubation/Incubation_Policy.html#Minimum+Graduation+Requirements>). </snip> Thanks for your review and feedback! Best, Les On Mon, Dec 1, 2008 at 10:18 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote: > Adam, > > Thanks _very_ much for such a detailed and thoughtful opinion. I love > to see people who aren't necessarily code contributors contribute to > the project in other ways. This is very valuable to us. > > I am in total agreement with your sentiments thus far. It is my > opinion that the name we have is great as it is and I'd only like to > change the name if someone from legal puts pressure on us to do so. > IANAL, so I'd have to trust their judgment. I'm going to post this to > legal in just a few minutes asking their feedback. I'd like to hear > what they say regardless of what we end up doing - I'm genuinely > curious :) > > Thanks again very much for chiming in. Its nice to see that you (and > others) are taking continued interest in the project. > > Best regards, > > Les > > On Mon, Dec 1, 2008 at 6:28 PM, adamtaft <[EMAIL PROTECTED]> wrote: >> >> Hi, >> >> I'm not really a contributor to the JSecurity project yet (though I hope to >> be in the future). However, this thread has caught my attention, and so I >> thought I'd give a couple of thoughts. >> >> I have an interest, call it a hobby, in name related issues for software >> projects, open source included. So, though I don't speak from any official >> background (I guess beyond a little professional), I would like to point out >> a few things about the name Alcatraz. >> >> First, as I believe has been mentioned, the term Alcatraz has been >> associated with other software products already. So, this is bad news with >> regards to trademark related issues. Just because its a geographic location >> doesn't mean that it can't be trademarked. Thus, likely these other >> software products are going to have problems with any related use of the >> term Alcatraz. >> >> Second, the connotation for JSecurity implies that the product is used to >> keep people out of the protected system. This is what the term "security" >> implies, right? Alcatraz is a prison. It was NOT meant to keep people out, >> it was meant to keep people in. The use is only quasi-related, and even >> confusing, for a product with your feature set. Alcatraz software would be >> a better name for a product which keeps workstation/network users >> constrained in their internet use, like a firewall, or a web proxy, for >> example. Or a child internet monitoring product. >> >> Don't underestimate the importance of this point. The name of a software >> should ideally be somewhat self describing, especially when starting out. >> Until the name becomes a core brand, having a self describing name can make >> a big difference. >> >> Third, I don't think you can underestimate how important it is that people >> can search the name of your product and find it through Google (and >> friends). Clearly the term Alcatraz has a huge number of unrelated hits, >> and you would clearly be lost any search engine placement with the name. >> Much better to have a name for your software that is the only known >> reference so that people can easily find you after having hear the name. >> This is why so many companies go crazy and conjure completely strange and >> nonsensical product names. >> >> Fourth, Alcatraz is a relatively difficult name to spell, which again >> becomes problematic for the above search recognition reasons. Alkitraz? >> Some people simply won't know how to spell it immediately (though this is a >> minor point, admittedly). >> >> Fifth, it seems like you're making preparations for something that you don't >> even know to be a problem. Yes, the Apache legal team should be consulted. >> However, it seems like jumping the gun to just start changing package names >> with anticipation of a name change. You would be crazy to start renaming >> packages based on some unknown possibility that it has to happen in the >> future. What value does this add to the software? >> >> Following the sigma-six and/or extreme programming world view, you shouldn't >> be making any change to your software until the change is actually required >> and value is added. Do you have a pending lawsuit? Has the Apache council >> suggested the change? Are you being blocked by the incubation process? Why >> even consider a change until it needs to be done. Energy could be better >> spent on other matters. >> >> Yes, it's a trivial thing to refactor a project from Eclipse. But, that's >> only a very small part of the bigger issue. Disruption, confusion, support, >> search engine optimization, etc. are what needs to be thought about when >> changing the name. >> >> Further, what if you decide to change the name to Alcatraz, and then get >> pressure from another software group? Ouch, time to rename the project yet >> again. >> >> I think you all are better just letting this thing ride until something real >> convicting suggests you need a change. JSecurity is a great product name >> which you should stick with until otherwise needed. And, if that day comes, >> Alcatraz is just simply the wrong name, in my humble opinion, for all the >> reasons mentioned above. >> >> Thanks, >> >> Adam >> >> >> >> >> >> Emmanuel Lecharny wrote: >>> >>> Alan D. Cabrera wrote: >>>> >>>> On Nov 30, 2008, at 2:32 PM, Emmanuel Lecharny wrote: >>>> >>>>> Alan D. Cabrera wrote: >>>>>> >>>>>> On Nov 26, 2008, at 9:51 AM, Les Hazlewood wrote: >>>>>> >>>>>>> On Tue, Nov 25, 2008 at 6:01 PM, Emmanuel Lecharny >>>>>>> <[EMAIL PROTECTED]> wrote: >>>>>>> >>>>>>>> Post to [EMAIL PROTECTED], ask them, but give them the names we >>>>>>>> have googled >>>>>>>> too. >>>>>>> >>>>>>> I think this needs to be vetted, so I'm happy to post to >>>>>>> legal-discuss. But, I can't easily find the thread with the googled >>>>>>> names. Could you please forward them on so I can post them to the >>>>>>> legal team? >>>>>> >>>>>> Let me suggest this. It seems to me that that alcatraz is the clear >>>>>> favorite, after jsecurity. Let's start setting up the 1.0 packages >>>>>> to be alcatraz and when/if we get the go-ahead from legal and the >>>>>> Incubator PMC we can change the packages to be jsecurity. >>>>> Well, I think then it's better to stick with JSecurity (because it's >>>>> already the name we use), ask to Legal, and move to alcatraz if >>>>> needed (or any other name). >>>>> >>>>> So the first step, IMHO, is to ask Legal about the Jsecurity name >>>>> (with all the infos we have already found about it), and also ask >>>>> them in the same mail if Alcatraz is ok or not (same here : add some >>>>> more infos related to this name, assuming that being a geographical >>>>> location, it should not be such a problem). >>>> >>>> Legal is not a clearing house for project names. They can only give >>>> advice if there's a potential conflict, i.e. JSecurity. So far as I >>>> can tell, there is none for alcatraz. >>>> >>>> What I'm worried about is that the vetting effort for the JSecurity >>>> name will have the same track record as the v0.9 release. If we start >>>> with alcatraz then we have one less thing impeding our incubation >>>> process. >>> Let's start with Alcratraz then, and we have quit some time to do some >>> vetting before 1.0 (hopefully when the project exits from incubator). >>> >>> So my +1 for alcatraz and +1 for doing the renaming now. >>> >>> >>> -- >>> -- >>> cordialement, regards, >>> Emmanuel Lécharny >>> www.iktek.com >>> directory.apache.org >>> >>> >>> >>> >> >> -- >> View this message in context: >> http://n2.nabble.com/JSecurity%27s-new-name-tp1569003p1601248.html >> Sent from the JSecurity Developer mailing list archive at Nabble.com. >> >> >
