[Owasp-leaders] Open source licence advice

psiinon psiinon at gmail.com
Thu Jan 27 04:59:11 EST 2011

Hi folks,

OK, so this isnt about the summit, but maybe it will be a bit of light
relief ... or maybe not ;)

Just wondering if anyone can advise on open source licences compatibility.
I'm _not_ asking for strict legal 'you wont be sued' advice (although
obviously that would be great;) just pragmatic feedback.

Background for those who've read this far:
The Zed Attack Proxy is based on Paros which was licensed under the
Clarified Artistic Licence.
We now include other components which are licensed under a variety of
other ways, like Apache v2, LGPL.
I dont really care what open source licence we use as long as it means
people feel comfortable using ZAP in any way they want (apart from
selling it;) and we dont abuse the licences of the other components we
We currently use Apache v2, but one of the other devs is worried that
might clash with some of the other licences.
Any thoughts?

Many thanks,


More information about the OWASP-Leaders mailing list