[Owasp-leaders] Open source licence advice

Jerry Hoff jerryhoff at gmail.com
Thu Jan 27 22:28:05 EST 2011

Hi Psiion,

Another solution might be just to contact the copyright holder and ask permission to modify the license. I see the company is Chinotec Technologies - which apparently is a "sister company" to Milescan (milescan.com).

Milescan is located here in hong Kong close to where I live. I think you should email them and ask them if they can give a special dispensation in this case, and if they don't reply I can give them a call or just stop by their offices and see if they'd consider a license modification.

They *did* open source the code so clearly they are an open company and wanting to contribute in a cooperative fashion, so it's reasonable to assume they would be friendly to a license modification.


On Jan 27, 2011, at 7:33 PM, psiinon <psiinon at gmail.com> wrote:

> Hi Dirk, Rogan,
> I've _tried_ to make it clear that I'm not changing any existing
> licences (and I know I cant).
> The wording I've used (on the About Box) is:
> "ZAP is a fork of the open source Paros product developed by Chinotec
> Technologies Company.
> The Paros code is Copyright (C) 2003-2005 Chinotec Technologies
> Company and is licenced under the Clarified Artistic License as
> published by the Free Software Foundation.
> This product includes softwares developed by the Apache Software
> Foundation licensed under Apache License 2.0. HSQLDB is licensed under
> BSD license.  JDIC is licensed by Sun Microsystems, Inc under the LGPL
> license. The Copyrights of these softwares belong to their respective
> owners."
> But I realise this may not be correct / sufficient etc.
> Psiinon
> On Thu, Jan 27, 2011 at 11:10 AM, Rogan Dawes <rogan at dawes.za.net> wrote:
>> On 2011/01/27 11:59 AM, psiinon wrote:
>>> Hi folks,
>>> OK, so this isnt about the summit, but maybe it will be a bit of light
>>> relief ... or maybe not ;)
>>> Just wondering if anyone can advise on open source licences compatibility.
>>> I'm _not_ asking for strict legal 'you wont be sued' advice (although
>>> obviously that would be great;) just pragmatic feedback.
>>> Background for those who've read this far:
>>> The Zed Attack Proxy is based on Paros which was licensed under the
>>> Clarified Artistic Licence.
>>> We now include other components which are licensed under a variety of
>>> other ways, like Apache v2, LGPL.
>>> I dont really care what open source licence we use as long as it means
>>> people feel comfortable using ZAP in any way they want (apart from
>>> selling it;) and we dont abuse the licences of the other components we
>>> use.
>>> We currently use Apache v2, but one of the other devs is worried that
>>> might clash with some of the other licences.
>>> Any thoughts?
>>> Many thanks,
>>> Psiinon
>> Hi Psiinon,
>> I've always been a little concerned about the relicensing of Paros from
>> Clarified Artistic to something else. You have to be very careful to make
>> sure that licenses are compatible, and even then, the action of taking
>> someone's code and relicensing it is generally considered to be anti-social.
>> e.g. taking BSD code and relicensing it under the GPLv2 is technically
>> allowed, but it caused some ruckus between the OpenBSD devs and the Linux
>> kernel devs when code from OpenBSD was relicensed as GPLv2.
>> Rogan
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list