[Fedora-legal-list] Licenses W3AF

Michal Ambroz rebus at seznam.cz
Tue Apr 6 18:40:51 UTC 2010


Hello Tom.
Thank you for your guidance again.
I will start working on packaging dependencies and taking this moloch apart.

How would it be with the upstream tarball, please? What is the recommendation?
Is it recommended to repack just the core of it for the src.rpm without bundles, or
to pack the original upstream tarball, risking possible license conflicts?

Best regards
Michal Ambroz

< ------------ Original message ------------
< From: Tom "spot" Callaway <tcallawa at redhat.com>
< Subject: Re: [Fedora-legal-list] Licenses W3AF
< Date: 06.4.2010 16:33:38
< ----------------------------------------
< On 04/05/2010 02:12 AM, Michal Ambroz wrote:
< > Dear list members, 
< > I would like to ask regarding licenses for the W3AF (web application audit
< tool) and its suitability for Fedora.
< > I would like to package w3af for Fedora. This software is a Python application
< bundled with several 3rd party Python libraries.
< > 
< > It is possible to use system libraries for some of the dependencies, but for
< some of those it will not be trivial to separate them (that is probably the reason
< why the Debian package bundles them as well).
< > 
< > 1) How is it in such a situation with compatibility between GPL, LGPL, other
< licenses if the software is
< > distributed de facto in a source form? Is it a problem to bundle libraries?
< 
< Well, the answer here is complicated.
< 
< For the sake of time, I'm assuming that your licensing assessment is
< correct. I've not taken the time to do the audit, and it should be
< properly checked during Package Review.
< 
< As far as compatibility goes, it would depend on how they are used. In
< general, GPLv2 only (aka GPLv2) is incompatible with GPLv3, so at a
< minimum, that combination would be a concern.
< 
< As to the bundling issue, I would strongly advise that you should try to
< unbundle anything that can be unbundled. If anything remains, you'll
< need to talk to FESCo to see if they will grant an exception.
< 
< > 2) What should the license tag in the package look like?
< > Is something like this suitable for the situation?
< > License: GPLv2 and ( LGPLv3 and LGPLv2 and GPLv2+ and GPLv3 and CC-BY-SA )
< 
< Well, even if that was the correct license tag list, it points out the
< obvious compatibility concerns.
< 
< ~spot
< 
< 
< 


