Hello Andres,
< Could you please point me to the incompatible licenses? Which
< libraries have them?
1) The main concern for the Fedora legal review so far was about possible
incompatibilities in GPLv2 to LGPLv3.
W3AF as a whole is released under the GPLv2 license.
It contains modules or portions of code from LGPLv3 (xdot.py, python-ntlm),
which seems incompatible according to the matrix from
http://www.gnu.org/licenses/gpl-faq.html#AllCompatibility
I have attached an overview with copyrights used in w3af which I was able to
find so far.
2) Creative Commons Attribution-Share Alike 3.0 License
Creative Commons has not approved any other license to be as free as this
license, so I assume it is not possible to deliver it with GPLv2 software -
sure I might be wrong:
http://creativecommons.org/compatiblelicenses
Files under this license:
./plugins/discovery/dir_bruter/common_dirs_small.db
extlib/nltk/corpus/reader/sinica_treebank.py
3) There are files without license/copyright
- formally default copyright rules given by local legislation might be
applicable and different country by country
- Some Python code doesn't have copyright/license text (for example
w3af_console, w3af_gui, ./core/controllers/vdaemon/dump.py,
extlib/nltk_contrib/timex.py)
- Scripts in scripts/*.w3af
- Bundled profiles in profiles/*.pw3af
- Additional data like: ./plugins/output/htmlFile/style.css
- Google hacking database ./plugins/discovery/ghdb/GHDB.xml
- ./plugins/discovery/ria_enumerator/common_filenames.db
- ./plugins/attack/payloads/webshell/webshell.php
- ./core/controllers/bruteforce/passwords.txt
- ./core/controllers/bruteforce/users.txt
- ./core/controllers/vdaemon/*.asm
- ./locales/*
4) Files with complicated license
- ./plugins/discovery/pykto/scan_database.db - CIRT - This file may not be
re-used and is not licensed under the GPL.
< Luciano worked a lot with the licenses in order to make everything
< work in Debian. I'm sure he did an excellent work because he bugged me
Sure he did a great job. His notes in the Debian package inspired me to do the
same review for Fedora, when I was trying to create an rpm package.
Best regards
Michal Ambroz
< ------------ Original message ------------
< From: Andres Riancho <[email protected]>
< Subject: Re: [W3af-develop] W3AF licenses
< Date: 06.4.2010 21:18:58
< ----------------------------------------
< Michal,
<
< On Tue, Apr 6, 2010 at 4:12 PM, Michal Ambroz <[email protected]> wrote:
< > Dear developers,
< > I am contacting you regarding the license concerns about the w3af tarball
< > distributed by the project.
< >
< > I am trying to create the package of w3af for Fedora:
< > https://bugzilla.redhat.com/show_bug.cgi?id=579428
< >
< > As part of the review I have asked for the legal suitability of the package
< > for Fedora.
< > It was pointed out by Tom "spot" Callaway that there might be some legal
< > complications
< > regarding bundling of incompatible licenses (GPLv2 / GPLv3) together.
< > http://lists.fedoraproject.org/pipermail/legal/2010-April/001213.html
<
< Could you please point me to the incompatible licenses? Which
< libraries have them?
<
< > Please I would like to ask you how this issue is dealt with in the packages
< > in other distributions?
< >
< > Do you have some agreements with the authors of upstream projects which code
< > was used as libraries / plugins ?
<
< No,
<
< > Has somebody raised concern about bundling the w3af distribution tarball
< > with code with possibly incompatible licenses?
<
< Luciano worked a lot with the licenses in order to make everything
< work in Debian. I'm sure he did an excellent work because he bugged me
< during 15 days about it ;) and at the end we were able to have a
< working w3af package in APT. I wouldn't mind working together with you
< to clarify all the possible issues that you are finding.
<
< Regards,
<
< > Thank you
< > Michal Ambroz
< >
< >
< >
< ------------------------------------------------------------------------------
< > Download Intel® Parallel Studio Eval
< > Try the new software tools for yourself. Speed compiling, find bugs
< > proactively, and fine-tune applications for parallel performance.
< > See why Intel Parallel Studio got high marks during beta.
< > http://p.sf.net/sfu/intel-sw-dev
< > _______________________________________________
< > W3af-develop mailing list
< > [email protected]
< > https://lists.sourceforge.net/lists/listinfo/w3af-develop
< >
<
<
<
< --
< Andrés Riancho
< Founder, Bonsai - Information Security
< http://www.bonsai-sec.com/
< http://w3af.sf.net/
<
<
<
W3AF tarball package was downloaded from http://w3af.sourceforge.net/
Copyright: 2007-2010 Andres Riancho
It contains code/modules from these other projects:
jsonpy
Files: extlib/jsonpy/*
Copyright: [email protected]
HomePage: http://sourceforge.net/projects/json-py/
License: LGPLv2.1+
python-ntlm
Files: core/data/url/handlers/HTTPNtlmAuthHandler.py extlib/ntlm
Copyright: Matthijs.Mullender
HomePage: http://code.google.com/p/python-ntlm/
License: LGPLv3+
cluster
Files: extlib/cluster/*
Copyright: Michel Albert
HomePage: http://python-cluster.sourceforge.net/
License: LGPLv2.1+
halberd
Files: plugins/discovery/oHalberd/*
Copyright: 2008 Juan M. Bello Rivas
HomePage: http://halberd.superadditive.com/
License: GPLv2+
hmap
Files: plugins/discovery/oHmap/*
Copyright: 2003 Dustin Lee
HomePage: http://ujeni.murkyroc.com/hmap/
License: GPLv2+
meld
Files: core/ui/gtkUi/comparator/diffutil.py
Copyright: 2002-2006 Stephen Kennedy <[email protected]>
HomePage: http://meld.sourceforge.net/
License: GPLv2+
Natural Language Toolkit (nltk)
Files: extlib/nltk/*
Copyright: 2001-2009 NLTK Project
HomePage: http://www.nltk.org
License: GPLv2+
Wordnet
Files: extlib/nltk/nltk_data/corpora/wordnet
Copyright: Copyright 2006 by Princeton University
HomePage: http://wordnet.princeton.edu/
License: WordNet 3.0 (BSD style)
pluginEditor
Files: core/ui/gtkUi/pluginEditor.py
Copyright: 1998 James Henstridge, 2004 John Finlay
License: GPLv2+
sqlmap
Files: plugins/attack/db/*
Copyright: 2008 Daniele Bellucci
2008 Bernardo Damele
HomePage: http://sqlmap.sourceforge.net/
License: GPLv2
xdot.py
Files: extlib/xdot/xdot.py
Copyright: 2008 Jose.R.Fonseca
HomePage: http://code.google.com/p/jrfonseca/wiki/XDot
License: LGPLv3+
xml-data-file-of-online-valid-phishes-from-phishtank
Files: plugins/discovery/phishtank/index.xml
Copyright: 2006 OpenDNS, LLC
HomePage:
http://www.phishtank.com/blog/2006/10/17/xml-data-file-of-online-valid-phishes-from-phishtank/
http://data.phishtank.com/data/online-valid/
License: This data is free. It may be used in commercial products or
non-commercial products, by organizations or individuals.
xml-data-file-google-hacking-database
Files: ./plugins/discovery/ghdb/GHDB.xml
Copyright: Johnny Long + others???
HomePage: http://johnny.ihackstuff.com/xml/schema.xml
License: ???
swup
Files: core/data/url/xUrllib.py
Copyright: 2003 Trustix AS, 2004 Tor Hveem, 2004 Omar Kilani for tinysofa
HomePage: http://swup.trustix.org/
License: ??? free, but I am not able to find
urlgrabber
Files: core/data/url/handlers/keepalive.py
Copyright: 2002-2004 Michael D. Stenner, Ryan Tomayko
HomePage: http://urlgrabber.baseurl.org/
License: LGPLv2.1+
scapy
Files: extlib/scapy/*
Copyright: 2003 Philippe Biondi
HomePage: http://www.secdev.org/projects/scapy/
License: GPLv2
SOAPpy
Files: extlib/SOAPpy
Copyright: Pfizer, Cayce Ullman, Brian Matthews
HomePage: http://pywebsvcs.sourceforge.net/
License: BSD type, LBNLCopyright
pygoogle
Files: extlib/pygoogle
Copyright: 2004 Mark Pilgrim
HomePage: http://pygoogle.sourceforge.net/
License: Python
pyPdf
Files: extlib/pyPdf
Copyright: 2006, Mathieu Fenniak
HomePage: http://pybrary.net/pyPdf/
License: BSD Type
TIGER from TreeAligner Project
Files: extlib/nltk_contrib/tiger
Copyright: 2007-2008 Stockholm TreeAligner Project
HomePage: http://kitt.cl.uzh.ch/kitt/treealigner
License: GPLv2
BeautifulSoup
Files: extlib/BeautifulSoup.py
Copyright: 2004-2007 Leonard Richardson
HomePage: http://www.crummy.com/software/BeautifulSoup/
License: PSF
Without license:
find ./ -name "*.py" -type f | \
while read -r FILE ; do
    # Report every Python file that contains no "copyright" string
    if ! grep -qi "copyright" "$FILE" ; then
        echo "$FILE"
    fi
done
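Added example, not part of the original mail or its attachment: a generalization of the audit loop in the attachment to the other file types the mail lists under point 3 (scripts, profiles, data files), with a per-extension summary. The 30-line header window, the extension list and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: list files that carry no copyright or license notice.
# Assumptions (not from the mail): a notice, if present, sits in the
# first HEADER_LINES lines; file names contain no newline characters;
# extensionless files such as w3af_console are not covered.

HEADER_LINES=30

# has_notice FILE -> exit status 0 if the header mentions a copyright
# or a license (either spelling), case-insensitively.
has_notice() {
    head -n "$HEADER_LINES" "$1" | grep -Eqi 'copyright|licen[sc]e'
}

# unlicensed_files DIR -> one path per line for every candidate file
# without a notice. The extensions mirror the file types in point 3.
unlicensed_files() {
    find "$1" -type f \( -name '*.py' -o -name '*.w3af' -o -name '*.pw3af' \
        -o -name '*.css' -o -name '*.php' -o -name '*.asm' \
        -o -name '*.xml' -o -name '*.db' -o -name '*.txt' \) -print |
    sort |
    while IFS= read -r file; do
        has_notice "$file" || printf '%s\n' "$file"
    done
}

# summary DIR -> "COUNT EXT" lines, most affected extension first, so a
# packager can see which class of file needs upstream clarification.
summary() {
    unlicensed_files "$1" | sed 's/.*\.//' | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Stand-alone use: ./audit.sh /path/to/unpacked/tarball
if [ "$#" -gt 0 ]; then
    unlicensed_files "$1"
    summary "$1"
fi
```

A hit only means that no notice was found in the header window; files covered by a top-level license file still need a manual check.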