Hello Andres,
thank you for information.
< Luciano will be able to confirm, but I think that he just created
< the python-xdot and python-ntlm packages, and made w3af dependent on
< those two. That way, w3af uses those libraries, and the package isn't
< in conflict.
< Would that work for Fedora?
Clear ... I try to go this direction as well. I hope it will work like that.
Side effect is - I will probably have to repack the source tarball to remove
the code from the
source package. From Luciano's email I understand he has to do the same for
debian.
I believe this could be quite unfortunate from the security point of view.
It could be quite tricky to compare whether what is in the (fedora) source
package is
really what I got from the upstream project.
Do you think it would be feasible for you that in future the project would be
delivering 2 tarballs:
1 - the full package with all dependencies
2 - the w3af core package with only the w3af codebase without dependencies
What do you think? Would that be feasible?
< > 2) Creative Commons Attribution-Share Alike 3.0 License
< > ./plugins/discovery/dir_bruter/common_dirs_small.db
< I think that Luciano removed this file completely from the debian package.
I can try to make separate package or sub-package for this.
< > 3) there are files without license/copyright
< > - formally default copyright rules given by local legislation might be
< I'll try to fix these errors.
Thank you ... that would be great.
< One problem you might find (or already found?) is that w3af
< requires python2.5. Is py2.5 still supported in Fedora?
Nope python 2.5 is not supported, only 2.6 is.
As far as I can tell it is working with python 2.6.
Only problem with compilation of python object code was with scapy
extlib/scapy/scapy.py .
SyntaxError: ('invalid syntax', ('/usr/share/w3af/extlib/scapy/scapy.py', 3114,
46, ' tr = map(lambda x: Gnuplot.Data(x,with="lines"), trt.values())\n'))
Other than that it seems to work, but I was not able to check and confirm all
the plugins are working as expected.
Best regards
Michal Ambroz
< > < ------------ Původní zpráva ------------
< > < Od: Andres Riancho <[email protected]>
< > < Předmět: Re: [W3af-develop] W3AF licenses
< > < Datum: 06.4.2010 21:18:58
< > < ----------------------------------------
< > < Michal,
< > <
< > < On Tue, Apr 6, 2010 at 4:12 PM, Michal Ambroz <[email protected]> wrote:
< > < > Dear developers,
< > < > I am contacting you regarding the license concerns about the w3af
tarball
< > < distributed
< > < > by the project.
< > < >
< > < > I am trying to create the package of w3af for Fedora:
< > < > https://bugzilla.redhat.com/show_bug.cgi?id=579428
< > < >
< > < > As part of the review I have asked for the legal suitability of the
< package
< > < for Fedora.
< > < > It was pointed out by Tom "spot" Callaway that there might be some legal
< > < complications
< > < > regarding bundling of incompatible licenses (GPLv2 / GPLv3) together.
< > < > http://lists.fedoraproject.org/pipermail/legal/2010-April/001213.html
< > <
< > < Could you please point me to the incompatible licenses? Which
< > < libraries have them?
< > <
< > < > Please I would like to ask you how this issue is dealt with in the
< packages in
< > < other
< > < > distributions?
< > < >
< > < > Do you have some agreements with the authors of upstream projects which
< code
< > < > was used as libraries / plugins ?
< > <
< > < No,
< > <
< > < > Has somebody raised concern about bundling the w3af distribution tarball
< with
< > < > code with possibly incompatible licenses?
< > <
< > < Luciano worked a lot with the licenses in order to make everything
< > < work in Debian. I'm sure he did an excellent work because he bugged me
< > < during 15 days about it ;) and at the end we were able to have a
< > < working w3af package in APT. I wouldn't mind working together with you
< > < to clarify all the possible issues that you are finding.
< > <
< > < Regards,
< > <
< > < > Thank you
< > < > Michal Ambroz
< > < >
< > < >
< > < >
< > <
< ------------------------------------------------------------------------------
< > < > Download Intel® Parallel Studio Eval
< > < > Try the new software tools for yourself. Speed compiling, find bugs
< > < > proactively, and fine-tune applications for parallel performance.
< > < > See why Intel Parallel Studio got high marks during beta.
< > < > http://p.sf.net/sfu/intel-sw-dev
< > < > _______________________________________________
< > < > W3af-develop mailing list
< > < > [email protected]
< > < > https://lists.sourceforge.net/lists/listinfo/w3af-develop
< > < >
< > <
< > <
< > <
< > < --
< > < Andrés Riancho
< > < Founder, Bonsai - Information Security
< > < http://www.bonsai-sec.com/
< > < http://w3af.sf.net/
< > <
< > <
< > <
<
<
<
< --
< Andrés Riancho
< Founder, Bonsai - Information Security
< http://www.bonsai-sec.com/
< http://w3af.sf.net/
<
<
<
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
