Michal,
2010/4/6 Michal Ambroz <re...@seznam.cz>:
> Hello Andres,
> < Could you please point me to the incompatible licenses? Which
> < libraries have them?
> 1) Main concern for Fedora legal review sofar was about possible
> incompatibilities in GPLv2 to LGPLv3.
> W3AF as whole is released under GPLv2 license.
> It contains modules or portions of code from LGPLv3 (xdot.py, python-ntlm),
> which seems incompatible according the matrix from
> http://www.gnu.org/licenses/gpl-faq.html#AllCompatibility
>
> I have attached overview with copyrights used in w3af which I was able to
> find sofar.
Luciano will be able to confirm, but I think that he just created
the python-xdot and python-ntlm packages, and made w3af dependent on
those two. That way, w3af uses those libraries, and the package isn't
in conflict.
Would that work for Fedora?
> 2) Creative Commons Attribution-Share Alike 3.0 License
> Creative commons has not approved any other license to be as free as this
> license
> so I assume it is not possible to deliver it with GPLv2 software - sure I
> might be wrong:
> http://creativecommons.org/compatiblelicenses
>
> Files under this license:
> ./plugins/discovery/dir_bruter/common_dirs_small.db
I think that Luciano removed this file completely from the debian package.
> extlib/nltk/corpus/reader/sinica_treebank.py
Don't remember about this one.
> 3) there are files without license/copyright
> - formally default copyright rules given by local legislation might be
> applicable and different country by country
> - Some python code doesn't have copyright/license text (for example
> w3af_console w3af_gui, ./core/controllers/vdaemon/dump.py,
> extlib/nltk_contrib/timex.py)
> - Scripts in scripts/*.w3af
> - Bundled profiles in profiles/*.pw3af
> - Additional data like: ./plugins/output/htmlFile/style.css
> - Google hacking database ./plugins/discovery/ghdb/GHDB.xml
> - ./plugins/discovery/ria_enumerator/common_filenames.db
> - ./plugins/attack/payloads/webshell/webshell.php
> - ./core/controllers/bruteforce/passwords.txt
> - ./core/controllers/bruteforce/users.txt
> - ./core/controllers/vdaemon/*.asm
> - ./locales/*
I'll try to fix these errors. Most of them are my fault.
> 4) Files with complicated license
> - ./plugins/discovery/pykto/scan_database.db - CIRT - This file may not be
> re-used and is not licensed under the GPL.
Luciano and I decided to remove that file from the Debian package.
> < Luciano worked a lot with the licenses in order to make everything
> < work in Debian. I'm sure he did an excellent work because he bugged me
> Sure he did great job. His notes in the debian package inspired me to do the
> same
> review for Fedora, when I was trying to create rpm package.
:)
One problem you might find (or already found?) is that w3af
requires python2.5. Is py2.5 still supported in Fedora?
> Best regards
> Michal Ambroz
>
> < ------------ Původní zpráva ------------
> < Od: Andres Riancho <andres.rian...@gmail.com>
> < Předmět: Re: [W3af-develop] W3AF licenses
> < Datum: 06.4.2010 21:18:58
> < ----------------------------------------
> < Michal,
> <
> < On Tue, Apr 6, 2010 at 4:12 PM, Michal Ambroz <re...@seznam.cz> wrote:
> < > Dear developers,
> < > I am contacting you regarding the license concerns about the w3af tarball
> < distributed
> < > by the project.
> < >
> < > I am trying to create the package of w3af for Fedora:
> < > https://bugzilla.redhat.com/show_bug.cgi?id=579428
> < >
> < > As part of the review I have asked for the legal suitability of the
> package
> < for Fedora.
> < > It was pointed out by Tom "spot" Callaway that there might be some legal
> < complications
> < > regarding bundling of incompatible licenses (GPLv2 / GPLv3) together.
> < > http://lists.fedoraproject.org/pipermail/legal/2010-April/001213.html
> <
> < Could you please point me to the incompatible licenses? Which
> < libraries have them?
> <
> < > Please I would like to ask you how this issue is dealt with in the
> packages in
> < other
> < > distributions?
> < >
> < > Do you have some agreements with the authors of upstream projects which
> code
> < > was used as libraries / plugins ?
> <
> < No,
> <
> < > Has somebody raised concern about bundling the w3af distribution tarball
> with
> < > code with possibly incompatible licenses?
> <
> < Luciano worked a lot with the licenses in order to make everything
> < work in Debian. I'm sure he did an excellent work because he bugged me
> < during 15 days about it ;) and at the end we were able to have a
> < working w3af package in APT. I wouldn't mind working together with you
> < to clarify all the possible issues that you are finding.
> <
> < Regards,
> <
> < > Thank you
> < > Michal Ambroz
> < >
> < >
> < >
> <
> ------------------------------------------------------------------------------
> < > Download Intel® Parallel Studio Eval
> < > Try the new software tools for yourself. Speed compiling, find bugs
> < > proactively, and fine-tune applications for parallel performance.
> < > See why Intel Parallel Studio got high marks during beta.
> < > http://p.sf.net/sfu/intel-sw-dev
> < > _______________________________________________
> < > W3af-develop mailing list
> < > W3af-develop@lists.sourceforge.net
> < > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> < >
> <
> <
> <
> < --
> < Andrés Riancho
> < Founder, Bonsai - Information Security
> < http://www.bonsai-sec.com/
> < http://w3af.sf.net/
> <
> <
> <
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
