[Owasp-leaders] Open source licence advice

Rogan Dawes rogan at dawes.za.net
Thu Jan 27 06:10:04 EST 2011

On 2011/01/27 11:59 AM, psiinon wrote:
> Hi folks,
> OK, so this isn't about the summit, but maybe it will be a bit of light
> relief ... or maybe not ;)
> Just wondering if anyone can advise on open source licences compatibility.
> I'm _not_ asking for strict legal 'you won't be sued' advice (although
> obviously that would be great;) just pragmatic feedback.
> Background for those who've read this far:
> The Zed Attack Proxy is based on Paros which was licensed under the
> Clarified Artistic Licence.
> We now include other components which are licensed under a variety of
> other ways, like Apache v2, LGPL.
> I don't really care what open source licence we use as long as it means
> people feel comfortable using ZAP in any way they want (apart from
> selling it;) and we don't abuse the licences of the other components we
> use.
> We currently use Apache v2, but one of the other devs is worried that
> might clash with some of the other licences.
> Any thoughts?
> Many thanks,
> Psiinon

Hi Psiinon,

I've always been a little concerned about the relicensing of Paros from 
Clarified Artistic to something else. You have to be very careful to 
make sure that licenses are compatible, and even then, the action of 
taking someone's code and relicensing it is generally considered to be 

e.g. taking BSD code and relicensing it under the GPLv2 is technically 
allowed, but it caused some ruckus between the OpenBSD devs and the 
Linux kernel devs when code from OpenBSD was relicensed as GPLv2.


