[Fedora-legal-list] Licenses W3AF

Tom "spot" Callaway tcallawa at redhat.com
Tue Apr 6 14:31:13 UTC 2010

On 04/05/2010 02:12 AM, Michal Ambroz wrote:
> Dear list members, 
> I would like to ask regarding licenses for the W3AF (webapplication audit tool) and its suitability for Fedora. 
> I would like to package w3af for Fedora. this software is python application bundled with several 3rd party python libraries.
> It is possible to use system libraries for some of the dependencies, but for some of those it will not be trivial to separate them (that is probably reason why debian package bundles them as well).
> 1) How is it in such situation with compatibility betwen GPL  LGPL other licenses if the software is
> distributed de-facto in a source form ? Is it problem to bundle libraries ?

Well, the answer here is complicated.

For the sake of time, I'm assuming that your licensing assessment is
correct. I've not taken the time to do the audit, and it should be
properly checked during Package Review.

As far as compatibility goes, it would depend on how they are used. In
general, GPLv2 only (aka GPLv2) is incompatible with GPLv3, so at a
minimum, that combination would be a concern.

As to the bundling issue, I would strongly advise that you should try to
unbundle anything that can be unbundled. If anything remains, you'll
need to talk to FESCo to see if they will grant an exception.

> 2) How the license tag in the package should look like?
> Is something like this suitable for the situation ? 
> License: GPLv2 and ( LGPLv3 and LGPLv2 and GPLv2+ and GPLv3 and CC-BY-SA )

Well, even if that was the correct license tag list, it points out the
obvious compatibility concerns.


More information about the legal mailing list