Ooops ... my favourite error - I forgot to attach a file
Michal Ambroz
< ------------ Původní zpráva ------------
< Od: Michal Ambroz <re...@seznam.cz>
< Předmět: Re: [W3af-develop] W3AF licenses
< Datum: 07.4.2010 04:10:37
< ----------------------------------------
< Hello Andres,
< < Could you please point me to the incompatible licenses? Which
< < libraries have them?
< 1) Main concern for Fedora legal review sofar was about possible
< incompatibilities in GPLv2 to LGPLv3.
< W3AF as whole is released under GPLv2 license.
< It contains modules or portions of code from LGPLv3 (xdot.py, python-ntlm),
< which seems incompatible according the matrix from
< http://www.gnu.org/licenses/gpl-faq.html#AllCompatibility
<
< I have attached overview with copyrights used in w3af which I was able to find
< sofar.
<
< 2) Creative Commons Attribution-Share Alike 3.0 License
< Creative commons has not approved any other license to be as free as this
< license
< so I assume it is not possible to deliver it with GPLv2 software - sure I
might
< be wrong:
< http://creativecommons.org/compatiblelicenses
<
< Files under this license:
< ./plugins/discovery/dir_bruter/common_dirs_small.db
< extlib/nltk/corpus/reader/sinica_treebank.py
<
< 3) there are files without license/copyright
< - formally default copyright rules given by local legislation might be
< applicable and different country by country
< - Some python code doesn't have copyright/license text (for example
w3af_console
< w3af_gui, ./core/controllers/vdaemon/dump.py, extlib/nltk_contrib/timex.py)
< - Scripts in scripts/*.w3af
< - Bundled profiles in profiles/*.pw3af
< - Additional data like: ./plugins/output/htmlFile/style.css
< - Google hacking database ./plugins/discovery/ghdb/GHDB.xml
< - ./plugins/discovery/ria_enumerator/common_filenames.db
< - ./plugins/attack/payloads/webshell/webshell.php
< - ./core/controllers/bruteforce/passwords.txt
< - ./core/controllers/bruteforce/users.txt
< - ./core/controllers/vdaemon/*.asm
< - ./locales/*
<
< 4) Files with complicated license
< - ./plugins/discovery/pykto/scan_database.db - CIRT - This file may not be
< re-used and is not licensed under the GPL.
<
< < Luciano worked a lot with the licenses in order to make everything
< < work in Debian. I'm sure he did an excellent work because he bugged me
< Sure he did great job. His notes in the debian package inspired me to do the
< same
< review for Fedora, when I was trying to create rpm package.
<
< Best regards
< Michal Ambroz
<
< < ------------ Původní zpráva ------------
< < Od: Andres Riancho <andres.rian...@gmail.com>
< < Předmět: Re: [W3af-develop] W3AF licenses
< < Datum: 06.4.2010 21:18:58
< < ----------------------------------------
< < Michal,
< <
< < On Tue, Apr 6, 2010 at 4:12 PM, Michal Ambroz <re...@seznam.cz> wrote:
< < > Dear developers,
< < > I am contacting you regarding the license concerns about the w3af tarball
< < distributed
< < > by the project.
< < >
< < > I am trying to create the package of w3af for Fedora:
< < > https://bugzilla.redhat.com/show_bug.cgi?id=579428
< < >
< < > As part of the review I have asked for the legal suitability of the
package
< < for Fedora.
< < > It was pointed out by Tom "spot" Callaway that there might be some legal
< < complications
< < > regarding bundling of incompatible licenses (GPLv2 / GPLv3) together.
< < > http://lists.fedoraproject.org/pipermail/legal/2010-April/001213.html
< <
< < Could you please point me to the incompatible licenses? Which
< < libraries have them?
< <
< < > Please I would like to ask you how this issue is dealt with in the
packages
< in
< < other
< < > distributions?
< < >
< < > Do you have some agreements with the authors of upstream projects which
< code
< < > was used as libraries / plugins ?
< <
< < No,
< <
< < > Has somebody raised concern about bundling the w3af distribution tarball
< with
< < > code with possibly incompatible licenses?
< <
< < Luciano worked a lot with the licenses in order to make everything
< < work in Debian. I'm sure he did an excellent work because he bugged me
< < during 15 days about it ;) and at the end we were able to have a
< < working w3af package in APT. I wouldn't mind working together with you
< < to clarify all the possible issues that you are finding.
< <
< < Regards,
< <
< < > Thank you
< < > Michal Ambroz
< < >
< < >
< < >
< <
< ------------------------------------------------------------------------------
< < > Download Intel® Parallel Studio Eval
< < > Try the new software tools for yourself. Speed compiling, find bugs
< < > proactively, and fine-tune applications for parallel performance.
< < > See why Intel Parallel Studio got high marks during beta.
< < > http://p.sf.net/sfu/intel-sw-dev
< < > _______________________________________________
< < > W3af-develop mailing list
< < > W3af-develop@lists.sourceforge.net
< < > https://lists.sourceforge.net/lists/listinfo/w3af-develop
< < >
< <
< <
< <
< < --
< < Andrés Riancho
< < Founder, Bonsai - Information Security
< < http://www.bonsai-sec.com/
< < http://w3af.sf.net/
< <
< <
< <
<
<
W3AF tarball package was downloaded from http://w3af.sourceforge.net/
Copyright: 2007-2010 Andres Riancho
It contains code/modules from these other projects:
jsonpy
Files: extlib/jsonpy/*
Copyright: patrickdlo...@stardecisions.com
HomePage: http://sourceforge.net/projects/json-py/
License: LGPLv2.1+
python-ntlm
Files: core/data/url/handlers/HTTPNtlmAuthHandler.py extlib/ntlm
Copyright: Matthijs.Mullender
HomePage: http://code.google.com/p/python-ntlm/
License: LGPLv3+
cluster
Files: extlib/cluster/*
Copyright: Michel Albert
HomePage: http://python-cluster.sourceforge.net/
License: LGPLv2.1+
halberd
Files: plugins/discovery/oHalberd/*
Copyright: 2008 Juan M. Bello Rivas
HomePage: http://halberd.superadditive.com/
License: GPLv2+
hmap
Files: plugins/discovery/oHmap/*
Copyright: 2003 Dustin Lee
HomePage: http://ujeni.murkyroc.com/hmap/
License: GPLv2+
meld
Files: core/ui/gtkUi/comparator/diffutil.py
Copyright: 2002-2006 Stephen Kennedy <ste...@gnome.org>
HomePage: http://meld.sourceforge.net/
License: GPLv2+
Natural Language Toolkit (nltk)
Files: extlib/nltk/*
Copyright: 2001-2009 NLTK Project
HomePage: http://www.nltk.org
License: GPLv2+
Wordnet
Files: extlib/nltk/nltk_data/corpora/wordnet
Copyright: Copyright 2006 by Princeton University
HomePage: http://wordnet.princeton.edu/
License: WordNet 3.0 (BSD style)
pluginEditor
Files: core/ui/gtkUi/pluginEditor.py
Copyright: 1998 James Henstridge, 2004 John Finlay
License: GPLv2+
sqlmap
Files: plugins/attack/db/*
Copyright: 2008 Daniele Bellucci
2008 Bernardo Damele
HomePage: http://sqlmap.sourceforge.net/
License: GPLv2
xdot.py
Files: extlib/xdot/xdot.py
Copyright: 2008 Jose.R.Fonseca
HomePage: http://code.google.com/p/jrfonseca/wiki/XDot
License: LGPLv3+
xml-data-file-of-online-valid-phishes-from-phishtank
Files: plugins/discovery/phishtank/index.xml
Copyright: 2006 OpenDNS, LLC
HomePage:
http://www.phishtank.com/blog/2006/10/17/xml-data-file-of-online-valid-phishes-from-phishtank/
http://data.phishtank.com/data/online-valid/
License: This data is free. It may be used in commercial products or
non-commercial products, by organizations or individuals.
xml-data-file-google-hacking-database
Files: ./plugins/discovery/ghdb/GHDB.xml
Copyright: Johnny Long + others???
HomePage: http://johnny.ihackstuff.com/xml/schema.xml
License: ???
swup
Files: core/data/url/xUrllib.py
Copyright: 2003 Trustix AS, 2004 Tor Hveem, 2004 Omar Kilani for tinysofa
HomePage: http://swup.trustix.org/
License: ??? free, but I am not able to find
urlgrabber
Files: core/data/url/handlers/keepalive.py
Copyright: 2002-2004 Michael D. Stenner, Ryan Tomayko
HomePage: http://urlgrabber.baseurl.org/
License: LGPLv2.1+
scapy
Files: extlib/scapy/*
Copyright: 2003 Philippe Biondi
HomePage: http://www.secdev.org/projects/scapy/
License: GPLv2
SOAPpy
Files: extlib/SOAPpy
Copyright: Pfizer, Cayce Ullman, Brian Matthews
HomePage: http://pywebsvcs.sourceforge.net/
License: BSD type, LBNLCopyright
pygoogle
Files: extlib/pygoogle
Copyright: 2004 Mark Pilgrim
HomePage: http://pygoogle.sourceforge.net/
License: Python
pyPdf
Files: extlib/pyPdf
Copyright: 2006, Mathieu Fenniak
HomePage: http://pybrary.net/pyPdf/
License: BSD Type
TIGER from TreeAligner Project
Files: extlib/nltk_contrib/tiger
Copyright: 2007-2008 Stockholm TreeAligner Project
HomePage: http://kitt.cl.uzh.ch/kitt/treealigner
License: GPLv2
BeautifulSoup
Files: extlib/BeautifulSoup.py
Copyright: 2004-2007 Leonard Richardson
HomePage: http://www.crummy.com/software/BeautifulSoup/
License: PSF
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
