[Owasp-leaders] Open source licence advice

psiinon psiinon at gmail.com
Thu Jan 27 06:33:06 EST 2011

Hi Dirk, Rogan,

I've _tried_ to make it clear that I'm not changing any existing
licences (and I know I can't).
The wording I've used (on the About Box) is:

"ZAP is a fork of the open source Paros product developed by Chinotec
Technologies Company.
The Paros code is Copyright (C) 2003-2005 Chinotec Technologies
Company and is licenced under the Clarified Artistic License as
published by the Free Software Foundation.

This product includes softwares developed by the Apache Software
Foundation licensed under Apache License 2.0. HSQLDB is licensed under
BSD license.  JDIC is licensed by Sun Microsystems, Inc under the LGPL
license. The Copyrights of these softwares belong to their respective

But I realise this may not be correct / sufficient etc.


On Thu, Jan 27, 2011 at 11:10 AM, Rogan Dawes <rogan at dawes.za.net> wrote:
> On 2011/01/27 11:59 AM, psiinon wrote:
>> Hi folks,
>> OK, so this isn't about the summit, but maybe it will be a bit of light
>> relief ... or maybe not ;)
>> Just wondering if anyone can advise on open source licence compatibility.
>> I'm _not_ asking for strict legal 'you won't be sued' advice (although
>> obviously that would be great;) just pragmatic feedback.
>> Background for those who've read this far:
>> The Zed Attack Proxy is based on Paros which was licensed under the
>> Clarified Artistic Licence.
>> We now include other components which are licensed under a variety of
>> other ways, like Apache v2, LGPL.
>> I don't really care what open source licence we use as long as it means
>> people feel comfortable using ZAP in any way they want (apart from
>> selling it;) and we don't abuse the licences of the other components we
>> use.
>> We currently use Apache v2, but one of the other devs is worried that
>> might clash with some of the other licences.
>> Any thoughts?
>> Many thanks,
>> Psiinon
> Hi Psiinon,
> I've always been a little concerned about the relicensing of Paros from
> Clarified Artistic to something else. You have to be very careful to make
> sure that licenses are compatible, and even then, the action of taking
> someone's code and relicensing it is generally considered to be anti-social.
> e.g. taking BSD code and relicensing it under the GPLv2 is technically
> allowed, but it caused some ruckus between the OpenBSD devs and the Linux
> kernel devs when code from OpenBSD was relicensed as GPLv2.
> Rogan
