[Owasp-leaders] Open source licence advice

Matt Tesauro matt.tesauro at owasp.org
Thu Jan 27 21:22:54 EST 2011


One great resource for FLOSS developers is the Software Freedom Law
Center (http://www.softwarefreedom.org/). They provide legal advice to
FLOSS software developers (like yourself) for free.  There's an email
address to send questions on their contact page:

I've sent them legal questions in the past and gotten good responses
from them.  Granted it may take a couple of days and your answer may be
US centric since they are in the US.  However, the advice they provide
is good - particularly about FLOSS licensing so it seems like a perfect
fit for your question(s).

I'm not sure where you're located but if you have concerns about your
jurisdiction, they may also be aware of a similar group in the EU or
wherever you may be.  HTH.


-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

On 01/27/2011 05:33 AM, psiinon wrote:
> Hi Dirk, Rogan,
> I've _tried_ to make it clear that I'm not changing any existing
> licences (and I know I can't).
> The wording I've used (on the About Box) is:
> "ZAP is a fork of the open source Paros product developed by Chinotec
> Technologies Company.
> The Paros code is Copyright (C) 2003-2005 Chinotec Technologies
> Company and is licenced under the Clarified Artistic License as
> published by the Free Software Foundation.
> This product includes softwares developed by the Apache Software
> Foundation licensed under Apache License 2.0. HSQLDB is licensed under
> BSD license.  JDIC is licensed by Sun Microsystems, Inc under the LGPL
> license. The Copyrights of these softwares belong to their respective
> owners."
> But I realise this may not be correct / sufficient etc.
> Psiinon
> On Thu, Jan 27, 2011 at 11:10 AM, Rogan Dawes <rogan at dawes.za.net> wrote:
>> On 2011/01/27 11:59 AM, psiinon wrote:
>>> Hi folks,
>>> OK, so this isn't about the summit, but maybe it will be a bit of light
>>> relief ... or maybe not ;)
>>> Just wondering if anyone can advise on open source licences compatibility.
>>> I'm _not_ asking for strict legal 'you won't be sued' advice (although
>>> obviously that would be great;) just pragmatic feedback.
>>> Background for those who've read this far:
>>> The Zed Attack Proxy is based on Paros which was licensed under the
>>> Clarified Artistic Licence.
>>> We now include other components which are licensed under a variety of
>>> other ways, like Apache v2, LGPL.
>>> I don't really care what open source licence we use as long as it means
>>> people feel comfortable using ZAP in any way they want (apart from
>>> selling it;) and we don't abuse the licences of the other components we
>>> use.
>>> We currently use Apache v2, but one of the other devs is worried that
>>> might clash with some of the other licences.
>>> Any thoughts?
>>> Many thanks,
>>> Psiinon
>> Hi Psiinon,
>> I've always been a little concerned about the relicensing of Paros from
>> Clarified Artistic to something else. You have to be very careful to make
>> sure that licenses are compatible, and even then, the action of taking
>> someone's code and relicensing it is generally considered to be anti-social.
>> e.g. taking BSD code and relicensing it under the GPLv2 is technically
>> allowed, but it caused some ruckus between the OpenBSD devs and the Linux
>> kernel devs when code from OpenBSD was relicensed as GPLv2.
>> Rogan