27 replies to this topic

[manager]

Hi there,

I see many web sites based on content management systems like: Wordpress, Textpattern, Joomla, and dynamic image galleries, like Gallery. Some people leave the credit link; others delete it.

I ‘m interested to know what influences people’s decisions on whether to leave the credit link on opensource software or remove it.

For those who don’t have a clue what I’m banging on about, if you scroll down to the very bottom of this forum you will see that Cre8 has a link to Invision; the “creators” of the forum software.

I'm prepared to confess that sometimes I leave the credit links; and other times I don’t.

Possible reasons to leave the link:
1. The software project gets more exposure – this can lead to further development.
2. It’s nice too say thanks, and they get another inbound link.
3. You don’t know how to remove it.


Possible reasons not to.
1.You may give hackers, an "insight" into your website; they can exploit well-known un-patched weaknesses.
2. You may give your competition, a leg up.
3. You want to re-brand an application, and sell it as your own work (sometimes this is perfectly legal, dependant on the license) I don't do this.

Any comments, do you think it’s mean or wise to remove the credit links?

Afterthought

If the terms of the license forbids removal of the credit link then you shouldn’t

TreV

Edited by manager, 14 July 2006 - 05:46 AM.

[eKstreme]

Personally, I don't think the footer of every page should contain a link saying "powered by blah", so I remove footer/site-wide links. My users just don't care!

However, in the about page, I usually have a thank you paragraph for the scripts that power the site. That contains links galore.

Pierre

[A.N.Onym]

Generally, if the link stands in the way of my visitors (extra page real estate), I either remove it or find another script.

If the link doesn't bother me or my visitors, I leave it intact, as is the case with WordPress.

Instead of removing the WordPress link completely, you can change it to something like "Supported by Word Press", too.

[manager]

Yeah Pierre,

Non-techie users may see the link; and think, “what’s all that about”? Or even worse; click on the link and leave your site prematurely. I think that's a good approach – mention the script once somewhere.

TreV

[praveen]

i leave the wordpress links mostly.

but otherwise i remove them.

probably competition thing as i dont want them to see what i use (not that they cant find out, but still) and my users arent overly bothered abt what drives the site. they come there for a purpose and they get what they want and not how this came to be, what is the script running it etc...

[A.N.Onym]

Do you guys totally neglect the aspect of giving credit to the creator of the script, even if the script is open source? I must have missed that =)

[eKstreme]

Do you guys totally neglect the aspect of giving credit to the creator of the script, even if the script is open source? I must have missed that =)

Yes, credit should be given, but not on every page!

[A.N.Onym]

Yeah, I guess mentioning the author in the About page may be the best way.
No side-wide links and the credit is given.

However, if the software is designed to have a link on all pages, why remove it if you want to give credit to the author? The footer links don't hurt you (unless you are linking to some bad neighbourhood).

Edited by A.N.Onym, 14 July 2006 - 06:51 AM.

[JohnMu]

What I like to do is convert the link into a javascript link in an external script. That way I reduce the exposure in the search engines. My forums have been hacked too often based on traceable "google-hacks" (eg someone searching for "powered by phpBB v2.x.x" and clicking through to the site, only to send off a script a few minutes later). I have no problem with giving credit where the author wants credit, I just don't feel that a search-engine visible link is any different. I doubt they will get much out of those site-wide links (especially from my domains, ha ha), so I don't see much of an SEO influence anyway. For that reason, I usually also remove the version number, if I can.

A "real" hacker will still be able to track signatures of my sites and the software used and they will still be able to recognize the version number and crack the script - but those 99.997% script-kiddies will go find somehting easier. I doubt a real hacker would bother with my sites (but you shouldn't count on it) so I feel safe enough that way.

I don't think single-script solutions (eg phpBB) are much of a problem, you can update those "relatively" easily (if only a bit easier ...). Really problematic are those multi-script things, portals and such, where you don't even know which scripts are involved and which ones need to be updated (and how). It's worse than Windows - 100's of patches from 100's of places and no central update-service. Argh! That's why I like to stay away from things like that

John

Edit: rereading my posting... it almost sounds like I always remove the links: in fact, I usually leave them in place, especially if I feel that the author needs them or the script is something really special.

Edited by softplus, 14 July 2006 - 07:41 AM.

[manager]

rereading my posting... it almost sounds like I always remove the links: in fact, I usually leave them in place, especially if I feel that the author needs them or the script is something really special.

Yes John I hear what you are saying,
Come to think of it, you can see this issue from a dual perspective

TreV

[projectphp]

I always change the notice if I can. Footprints matter, and having the same as everyone else can really huurt. Even just changing the wording to "This software made by" from "powered by" can have a dramatic effect in reducing hack attempts. Here, we actually turned the copyright into an image. Same link, same everything, just an image rather than text

[manager]

projectphp,

On the specific point you raised about

Even just changing the wording to "This software made by" from "powered by" can have a dramatic effect in reducing hack attempts.

Are html comments searchable, sorry if that's a silly question.

TreV

[projectphp]

No, they shouldn't be.

However, sometimes, improperly formed comments can end up being searchable. Your best bet, if in doubt, is to test. put a unique string in a comment and search for it.

When it comes to wanting to shange a software signature, I wouldn;t take the risk myself. Who knows when/if an SE will get their parsing code wrong, exposing yourself to the world. Best to not include it at all IMHO

[dgeary9]

Hmmm.... I have to wonder what the folks who spend much time working on open source code would think about this thread . It seems a little bit like an earlier thread on this forum about the right to free website hospital evaluations - you have to be willing to have the thread, and your URL, indexed by search engines, because that is how Cre8asite gets "paid back".

I understand why people are changing links, deleting them, or making them non-indexable (especially when site security is involved), but I think that violates the spirit (and often the explicit terms of use) of open source code. Perhaps the security risk is one of the costs we take on for not having to spend time or money getting the code from another source?

I know that some open source communities are dealing with the security issues in other ways - I have a site powered by b2evolution (multi-user blogging), and in their forums, they provide a very nice list of mods to make to the software to seriously decrease its hackability by automated scripts. Simple things like changing the name of the default "comments" .php file.

The only time I have deleted the credits is when I used a template for blog site for kids (my niece's classroom blogging project), and the template I wanted was created by someone with a username that was inappropriate for a child site, as was the site it linked to. I contacted her, and asked her to provide me with some alternative link name and place, and she laughed for a week and told me to delete the credits.

[manager]

Hmmm.... I have to wonder what the folks who spend much time working on open source code would think about this thread.

I wonder as well I guess it’s reasonable to expect “the folks” would have opinions about this thread, ranging from total apathy, to anger. Who knows ?

Perhaps market orientated founder-developers / project leaders of opensource applications are keen to gain candid insights into the concerns and thoughts of end users, you never know.

TreV

Edited by manager, 14 July 2006 - 02:57 PM.

[Bharat Mediratta]

Hi, folks. I'm the founder and leader of the Gallery project. One of the members of this forum alerted me to this thread so I thought I'd provide our project's perspective on the discussion.

You are free to modify Gallery in *any* way that you choose to under the terms of the GPL. This means that you are more than welcome to delete the credit link at the bottom of the page. You can even change it to give the credit to you -- we don't care! What is important to us is that you USE our product and ENJOY our product. If all your friends think that you wrote it yourself -- so much the better :-)

Enjoy!

[manager]

Bharat,

You honour us with your presence
Thanks for taking the trouble to drop by, and give us your thoughts. I'm a big fan of the Gallery project.

TreV

[Jem]

I write small scripts for personal (teen-y) websites & weblogs and rely on the publicity that the links drive to my website to get new users and increased downloads.

I wish I could be as open-minded as Bharat about what users do to my script, but I can't (purely because of my ego, nothing else). If I find people using my scripts without the credit line I contact them and request that it is added back. If they fail to add the credit I will take the matter further by contacting their web host (thankfully, it hasn't come to this yet, and the only person 'caught' decided to just remove the script).

Of course, I'm not completely heartless, I do allow people to modify the credit providing that it remains on at least one page of the script (preferably the index page).

[projectphp]

If they fail to add the credit I will take the matter further by contacting their web host (thankfully, it hasn't come to this yet, and the only person 'caught' decided to just remove the script).

So clearly you do not use the GPL, at least version 2 of it?

This is something to note when creating scripts: what licence you choose. The GPL grants pretty much ALL rights, except copyright, to the user of the software. I can legitimately change whatever I like on GPLed software, and can reuse whatever I like however I like on the sole condition that the reused code, if distributed, also be free (as in speach).

The problem with any credit or any standard usage is that software signatures cause issues with hackers. Try this search @ Google: powered by phpbb, who took the extreme step of disabling this search, and you realise that hacking can affect resources deeply. We here get large numbers of hacking attempts, and most of that is as a result of common exploits to underlying software, after we are found via a simple search.

IMHO, if you want credit (why wouldn't you?) then you need to make that as easy as possible. "Please choose one of the following 50 images for the link. And please, RENAME THE IMAGE, to make your site harder to find for hackers."

Don't just require them to expose themselves carelessly, give them the power to choose the best way to link to you. My $0.02.

[Jem]

So clearly you do not use the GPL, at least version 2 of it?

No, I do not. My apologies, I should have been more clear (I was on my way to bed, heh). I don't release my scripts under any specific public licenses therefore my scripts aren't actually open source. My thoughts about the credit line (and removal of) applies nonetheless.