[Owasp-leaders] opensource license

Ali Razmjoo ali.razmjoo at owasp.org
Sat Mar 10 22:27:30 UTC 2018


Hello leaders,

a few days ago I've received an email regarding the OWASP Nettacker project
license and I've got a little bit confused.

To whom it may concern,
> I have put an eye on your tool OWASP-Nettacker, which seems really
> interesting and promising.
> However, I have a question about the license used. As a matter of fact,
> you are using Apache 2.0 license, but your tool is using Scapy, for example
> in the library "scan". As you must know, Scapy is GPL 2.0 license, thus
> incompatible with Apache 2.0 products.
> My question is the following :* how did you manage to integrate Scapy
> into your code in a way that the license of Scapy does not interfere with
> OWASP-Nettacker's one ?*
> Thank you in advance

 ************



my answer:


Hello *******,
> Thank you for your question,
> You are right, scapy is a separated tool (lib) and It has its own license,
> In the OWASP Nettacker its completely optional to use scapy library, scapy
> will be used in SYN port scan which the default port scan is based on TCP,
> if the user use --method-args port_scan_stealth=True switch it will use the
> scapy library. Also the OWASP Nettacker doesn't have any official release
> yet and it's under develop, before the first release I will add a file
> regarding the packages license to make the users all aware of dependencies
> licenses.
> Let me know if you have any more questions and any idea regarding the
> licenses to make it works better.
> Sincerely yours,
> Ali Razmjoo



I did not create a release for the project yet and BTW it's gonna take a
while, but should I do anything else more than adding another license file?
there are more libraries I used in the project (mostly GPL license) should
I change my license to GPL too?

I glad if anyone could guide me in here.

Sincerely yours,
Ali Razmjoo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180311/94afb746/attachment.html>


More information about the OWASP-Leaders mailing list