http://qs321.pair.com?node_id=177037

Bear with me for a moment, my fellow monks...

It has recently come to my attention that I'm going to have to begin thinking about developing a donation-type of system for an Open Source project I contribute heavily to, Plucker.

A commercial company has taken our software and is using it in violation of the spirit and letter of the license which binds it (the GNU General Public License, aka GPL). The FSF has appointed an attorney to work on our behalf, and she's been doing great. Her current arrangement doesn't allow her to take our case to litigation, however, under pro bono terms, so we have to find a way to fund legal fees should the case proceed towards litigation. We've already been threatened four times with a lawsuit by the CEO of this company if we even consider taking him to court.
"If we end up in court, I will bankrupt these guys."
-- CEO, $this_company
I've seen at least three ways to handle this:
  1. PayPal "generic" account for the project team
    Using PayPal makes it easier to donate from the website, offloading the credit card verification from us, but it is not an FDIC-insured facility.
  2. SSL certificate on the server + credit card verification/payment system
    Having an official Thawte SSL certificate will bolster confidence in the donator. It verifies origin, is secure, and allows direct credit card processing. Unfortunately, it's also expensive.
  3. "Snail mail"/Postal Mail
    This is the broadest, since everyone in the world can send in a postal mail donation, but if this were the only way to donate, many would not. It's slow, requires a lot of manual work, and doesn't work well with international funds.
I'm fairly confident I can develop the Perl on the server-side to support this, but I'm wondering if any others have built similar systems, and how did you go about it?

Any gotchas?

Any particular modules/technologies I should be using/not using?

Any other tips or comments I can use?

Thank you for your help and support in this matter.

edit kudra 25-06-2002
Marked off topic

Re: Building in "donation management" support in site design
by hakkr (Chaplain) on Jun 25, 2002 at 11:42 UTC
    I would recommend using Secure Trading for your real time credit card validation as they provide fraud prevention functions and are industry standard. Also remember never to store credit card numbers on your server; if you must refer to credit card numbers, use only the first 4 digits, like so: 2341 xxxx xxxx xxxx xxxx. You'll need a proper merchant bank account to accept the payments. AMEX cards require a separate merchant account from the VISA/Mastercard one. Older browsers may have trouble with 128 bit certificates.

    A self-signed certificate will save you money and is unlikely to be noticed. Also to save money you may use a 40 bit certificate, which is also not likely to be a barrier. Make sure every page is printable to a single page of A4. openssl with mod_ssl for apache is the easy free way to go. Always remember to back up your key and CSR and store them securely. Perl-wise you should notice no difference under https except for a slight decrease in speed. I would look at some of the CPAN encryption modules if you do decide to store credit card information on your server. Watch out what minimum transaction size you do choose, as the smaller they get the less worthwhile it all becomes.

    Update: Secure Trading charges 1.5% per transaction, and the credit card company will also make a charge per transaction (in the case of AMEX, 3%). As for opening a merchant bank account, I don't imagine there is a charge for that, but you probably have to be a registered company.
      Thanks for the ideas.

      I already have a self-signed cert I created a while ago, and it's been working fine for my basic tests. I also bury my IMAP mail behind it using SquirrelMail, so the mod_ssl bits are already there and functioning well (I also use a similar certificate for my irc/ssl irc server). My server signature is currently:

      Server: Apache/1.3.26 (Unix) PHP/4.3.0RC1 mod_gzip/1.3.19.1a mod_perl/1.26 mod_ssl/2.8.9 OpenSSL/0.9.6a

      The only downside to having a self-signed certificate is that the user will get a warning dialog every single time they hit the secured page, because their browser doesn't recognize the CA.

      I suppose I'll have to see how to handle the merchant account issue. I wonder what (if anything) they charge for that service. Is it a percentage of the charges processed through them? Or is it a flat fee on a monthly scale? Merits further investigation. Thanks again.

Re: Building in "donation management" support in site design
by Matts (Deacon) on Jun 25, 2002 at 11:30 UTC
    Wow, that situation sucks.

    Personally I'd do paypal. While it's known to have a bad customer agreement, it's very widely known, and trivial to write something for it - it's just a plain form with the action attribute pointing to paypal.

    But don't expect to get much from it. I've had a Contribute form up for AxKit for over a year now and not had a single donation, despite the default donation being set at only $20.

Re: Building in "donation management" support in site design
by Anonymous Monk on Jun 25, 2002 at 12:35 UTC
    Talk to Wendy about whether you want to assign copyright to the FSF. You would forgo the possibility of collecting damages, but you would also forgo possible liability and the cost of lawyers. Plus the FSF has deeper pockets and an infrastructure set up to handle donations.

    If you proceed on your own, just one tip. Have a website that can hold up to the /. effect. :-)

      We've been slashdotted a few times for other reasons (the Sony GPL Violation was one); the site has no problem with getting slammed. We've held off on public awareness campaigns for the moment, only because we keep getting threatened by the CEO with being sued every time we talk about mentioning this to anyone. Once our attorney assures us we are in the clear, the broader campaign will commence.

      The problem with the copyright assignment is that we're spreading the copyright too thin at that point. There are eight (8) or so of us on the team, and we've already filed US Copyright documents with the copyright office ("dead-tree" versions, signed in blue ink, with the required two printed copies of the source included), but re-assigning copyright to the FSF would weaken our position in the short term.

      It tends to be a delicate issue, but the interesting part is how the licensing and your rights actually get stronger when the original GPL license is violated (every copy re-distributed/sold/etc. after a GPL violation is found is now a US copyright violation, outside the reach of the GPL, but now well within the reach of the DMCA and Lanham Act).

      At this point, my concern is to continue getting releases out, make the customers aware that the software was written by us, not by $COMPANY, and that we are the copyright holders, not $COMPANY. To affront the lawsuit threats we've been hearing, it's going to be good to be prepared financially and legally, for whatever will ensue, by making it possible for others to help us out with donations/etc.

      The CEO has already said directly that he has millions of investor dollars to take to court with him, and his intention is to bankrupt us. There's something very fishy going on here. We simply asked for compliance with the license, and for that request, are being threatened with lawsuits. Doesn't quite sound right, unless someone's guilty, and trying to mute the developers with baseless threats.

      Keep the great ideas, comments, and support coming.

Re: (OT) Building in "donation management" support in site design
by tjh (Curate) on Jun 25, 2002 at 14:48 UTC
    Bad scene. Sympathies and "keep up the good work" to ya.

    A commercial company has taken our software and is using it in violation of the spirit and letter of the license which binds it...

    Nasty. This company, and this CEO, need to be hurt. They're not getting it. Simple vindictiveness might indicate finding out who's on their board and contacting them too - they might like being personally implicated... :)

    Even if the FSF atty won't work for free to free your software, be sure she helps you cover:

    • Your documentation and proofs;

    • Your rights and responsibilities re: PR and other public venue exposures your group, with the FSF's help, may be able to use (the Big Company may not like public exposure for many reasons...). However, using PR and taking it public has its own risks - be sure an attorney works with you at every step. Not that this is advice (IANAL), but given proper legal help, it could be very interesting.

    • What's your fallback position if there are no donos?

    • Get her advice and guidance on ALL other avenues and approaches you can pursue, including her advice or referrals to atty's that CAN and WILL take a high profile case pro bono.

    • As for payments, do all mentioned. Also include a phone number donors can call. Be sure you have ways to issue receipts.

    I just did a little Googling and noticed who they are. Their web site hides all contact and corporate info. Interesting.

    There's a bit of data floating around, including good sites like this one.

(Really OT) Re: (OT) Building in "donation management" support in site design
by Zaxo (Archbishop) on Jun 25, 2002 at 14:39 UTC

    There are some quasi-legal forms of business treachery you may want to keep in mind. Here are a few questions you can research.

    Do members of $COMPANY's law and/or accounting firm hold a majority of the voting stock or board seats? That gives them the power to shift $COMPANY's assets into their own pockets by doing just as they have threatened. In extremis, they can leave an empty husk for you to try and collect from, along with all their other creditors.

    Is there a dissatisfied minority block of shareholders? Some may be wary of the majority, and assist you by opposing the board and management. They have a lot to lose if the majority loots the company.

    Do $COMPANY's employees hold a significant block of stock? Bankruptcy hurts them worst of all. They are less likely to oppose the majority, but might be developed as a source of information.

    Are $COMPANY's shares publicly traded? That gives you the tactic of buying a share, which gives you standing to make demands, noise and trouble. It also makes the SEC take an interest.

    Does $COMPANY have enough money or political clout to be above the law? Self-explanatory.

    Uhhh... IANAL, btw. ;-)

    After Compline,
    Zaxo

Re: (OT) Building in "donation management" support in site design
by shotgunefx (Parson) on Jun 25, 2002 at 15:07 UTC
    Well, a quick (and very secure) way of doing it would be to set up a Yahoo! Store. It'll cost you $50 a month flat, plus 10 cents per item (donation amount) and a 0.5% transaction fee, but it will hold up to almost any number of users and takes a lot of the headache and liability off of you.

    If you don't already have a merchant account, you can apply for one.

    The cost might be too much but I can tell you that I have not donated to certain organizations in the past because of security concerns. In those situations I would have used paypal if it had been available so maybe that's the way to go.

    Good luck!

    -Lee

    "To be civilized is to deny one's nature."
Re: (OT) Building in "donation management" support in site design
by chaoticset (Chaplain) on Jun 30, 2002 at 08:17 UTC
    The trick in any multiplayer game where you can lose is to pit the two biggest opponents against each other and scrap the loser. Law is most definitely a multiplayer game. :)

    Legally, this is tricky but possible, IMHO (though IANAL, thank Chao). Does $COMPANY already have a bad reputation? If so, seek the help of advocacy groups such as the Better Business Bureau, or attempt to get in touch with law enforcement -- if the CEO is doing this to you, the CEO may be doing it to someone else.

    Similarly, consider the possibility of enlisting a (hopefully) more honorable corporate sponsor in some fashion -- set up a licensing agreement with someone who has got the legal capability to reduce $COMPANY to litigious cinders, and sit back to watch the fireworks.

    Keep in mind that IANAL. (Although if you do see a hefty settlement through these techniques, then by reading this post you've already agreed to my EULA (End-User Legal Agreement) and therefore owe me 5% of all monies received. ;) )

    -----------------------
    You are what you think.