[Owasp-leaders] Open source licence advice

Dr. Dirk Wetter dirk.wetter at owasp.org
Fri Jan 28 03:07:27 EST 2011

Hi Jerry,

Jerry Hoff schrieb, Am 01/28/2011 04:28 AM:
> Hi Psiion,
> Another solution might be just to contact the copyright holder and ask permission to modify the license. I see the company is Chinotec Technologies - which apparently is a "sister company" to Milescan (milescan.com).
> Milescan is located here in hong Kong close to where I live. I think you should email them and ask them if they can give a special dispensation in this case, and if they don't reply I can give them a call or just stop by their offices and see if they'd consider a license modification.

Just for the record: Milescan is the company which released a commercial
fork of Paros, i.e. ParosPro.

> They *did* open source the code so clearly they are an open company and wanting to contribute in a cooperative fashion, so it's reasonable to assume they would be friendly to a license modification.

Thus it could be that they are not willing to do that. However without
asking one never knows ;-)



PS: Did Milescan ever showed up at an OWASP event or are they involved

> Thoughts?
> On Jan 27, 2011, at 7:33 PM, psiinon <psiinon at gmail.com> wrote:
>> Hi Dirk, Rogan,
>> I've _tried_ to make it clear that I'm not changing any existing
>> licences (and I know I cant).
>> The wording I've used (on the About Box) is:
>> "ZAP is a fork of the open source Paros product developed by Chinotec
>> Technologies Company.
>> The Paros code is Copyright (C) 2003-2005 Chinotec Technologies
>> Company and is licenced under the Clarified Artistic License as
>> published by the Free Software Foundation.
>> This product includes softwares developed by the Apache Software
>> Foundation licensed under Apache License 2.0. HSQLDB is licensed under
>> BSD license.  JDIC is licensed by Sun Microsystems, Inc under the LGPL
>> license. The Copyrights of these softwares belong to their respective
>> owners."
>> But I realise this may not be correct / sufficient etc.
>> Psiinon
>> On Thu, Jan 27, 2011 at 11:10 AM, Rogan Dawes <rogan at dawes.za.net> wrote:
>>> On 2011/01/27 11:59 AM, psiinon wrote:
>>>> Hi folks,
>>>> OK, so this isnt about the summit, but maybe it will be a bit of light
>>>> relief ... or maybe not ;)
>>>> Just wondering if anyone can advise on open source licences compatibility.
>>>> I'm _not_ asking for strict legal 'you wont be sued' advice (although
>>>> obviously that would be great;) just pragmatic feedback.
>>>> Background for those who've read this far:
>>>> The Zed Attack Proxy is based on Paros which was licensed under the
>>>> Clarified Artistic Licence.
>>>> We now include other components which are licensed under a variety of
>>>> other ways, like Apache v2, LGPL.
>>>> I dont really care what open source licence we use as long as it means
>>>> people feel comfortable using ZAP in any way they want (apart from
>>>> selling it;) and we dont abuse the licences of the other components we
>>>> use.
>>>> We currently use Apache v2, but one of the other devs is worried that
>>>> might clash with some of the other licences.
>>>> Any thoughts?
>>>> Many thanks,
>>>> Psiinon
>>> Hi Psiinon,
>>> I've always been a little concerned about the relicensing of Paros from
>>> Clarified Artistic to something else. You have to be very careful to make
>>> sure that licenses are compatible, and even then, the action of taking
>>> someone's code and relicensing it is generally considered to be anti-social.
>>> e.g. taking BSD code and relicensing it under the GPLv2 is technically
>>> allowed, but it caused some ruckus between the OpenBSD devs and the Linux
>>> kernel devs when code from OpenBSD was relicensed as GPLv2.
>>> Rogan
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list