Bug#323420: License issues with metasploit-framework
Hi, there is an open ITP on metasploit-framework (#323420), and the
owner Luciano asked me to contact this list about some of the license
issues involved with the package.
At the moment the framework is at version 2, and is released under a
dual license of GPL v2 and Perl Artistic.
There are a lot of contributed files in the package. Most have the
following header
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
and some have no license header. There are a few that say the following
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
There is one with
* The contents of this file constitute Original Code as defined in and
* are subject to the Apple Public Source License Version 1.1 (the
* "License"). You may not use this file except in compliance with the
* License. Please obtain a copy of the License at
* http://www.apple.com/publicsource and read it before using this file.
*
* This Original Code and all software distributed under the License are
* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
* License for the specific language governing rights and limitations
* under the License.
which the archives seem do suggest is not DFSG-free.
There is a zlib implementation with the following license
===
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must
not
claim that you wrote the original software. If you use this
software
in a product, an acknowledgment in the product documentation would
be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must
not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source
distribution.
===
And my favourite
# Yo yo, this be da socketNinja.
# Alpha-2.0 release
# Distribute and get a visit from tireIronNinja
which I don't think is free.
There are also binary files distributed in the tarball, these are not
meant to be compiled, as they are for executing on the target computer.
I'm not sure how this sits, as they are obviously not the preferred form
of modification, and some don't include the source they were compiled
from.
Now, we could contact upstream and get them to include proper headers
etc., but I wanted to know how much of this was unsuitable for
distribution, as if it leaves a severely crippled package then it's not
really worth it.
Also upstream are working on version 3 which is in alpha now. The decided
to change the license to The Metasploit Framework License v1.0.
http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3
===
The Metasploit Framework License v1.0
Copyright (C) 2006 Metasploit LLC
Definitions
a. "License" means this particular version of this document (or,
where specifically indicated, a successor iteration of the License
officially issued/announced by the Developer).
b. "Software" means any software that is distributed under the terms
of this License.
c. "Extension" means any enhancement to the Software that does not
require modification of the Software itself. "Extensions" include any
module or plug-in that is intended (by design and coding) to, or can, be
dynamically loaded by the Software.
d. "Developer" means the then-current copyright holder(s) of the
Software, including, but not limited to, the Metasploit personnel and
any third-party contributors (or their successor[s]/transferee[s])).
e. "Documentation" means any end user, technical/programmer, network
administrator, or other manual(s), tutorial(s), or code sample(s)
provided or offered by Developer with the Software, excluding those
items created by a third party.
f. "Use" means to download, install, access, copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly, with or
without notice or knowledge of the Software's incorporation or
utilization in any larger application or product).
g. "You" means the individual or organization that is using the
Software under the conditions of the License.
h. "Interface" means to execute, parse, or otherwise benefit from
the use of the Software.
i. "Interaction Software" means any external software program or
library that interfaces with, but is not a component or subset of, the
Software.
License Grants
1. Provided that You both agree to and do comply with any and all
conditions and requirements in this License, You are granted the
non-exclusive rights specified in this License. Use of any of the
Software in any form and to any extent signifies acceptance of this
License. If You do not agree to all of these terms, then do not use the
Software and immediately remove all copies of the Software, the
Documentation, and any other items provided under the License.
2. Provided that -each- of the following necessary, express
conditions are met, You may copy and distribute the Software:
a. The Software that You received is distributed unmodified,
including but not restricted to You maintaining (and not supplementing,
removing, or modifying) the same copyright, trademark notices and
disclaimers in the exact wording as released by the Developer.
b. The Software is distributed without any charge, beyond (at
Your option) the reasonable costs of data transfer or storage media. You
may -not- (i) sell, lease, rent, or otherwise charge for the Software,
(ii) include any component or subset of the Software in any commercial
application or product, or (iii) sell, lease, rent, or otherwise charge
for any appliance (i.e., hardware, peripheral, personal digital device,
or other electronic product) that includes any component or subset of
the Software.
3. You -may- use the Software to provide some service(s) and charge
for the service(s), provided that the recipient of the service is
clearly informed in writing (including via electronic notice or
on-screen display, without paper notice) of both (a) the existence,
name/trademark, and use of the Software in relation to the service and
(b) where the recipient of the service may obtain a copy of the Software
(e.g., refer them to www.metasploit.com).
4. You may make modifications (i.e., additions) to the Software and
distribute Your modifications, but solely in a form that is -separate-
from the Software, such as patches. The following restrictions apply to
modifications:
a. Modifications must not alter, supplement, or remove any
copyright, trademark, or other proprietary right(s) or legal notices or
licensing terms displayed by or provided with the Software.
b. When any modification to the Software is released by You
under this License, You hereby grant and agree to grant a non-exclusive
royalty-free right, to both (i) the Developer and (ii) any of
Developer's later licensees, successors, or partners, to distribute Your
modification(s) in future versions of the Software provided that such
versions remain available under the terms of this License (or any other
later-adopted license(s) of the Developer).
5. You may develop Extensions to the Software and distribute these
Extensions under any license You see fit, as long as -each- of the
following conditions are met:
a. The Extension, when installed with the Software, must -not-
modify any of the behavior (change the display, modify the available
commands, etc) of the Software until the user explicitly requests (e.g.,
by invoking or exercising a command or feature are a screen display or
other express notification of the new code's existence and function)
that the Extension should be activated.
b. The Extension may programmatically execute (e.g., call a
method) code provided by this Software, but may not include or create
copies of the Software (modified or otherwise) in the Extension itself.
c. The Extension may -not- modify the user interface or output
of the Software such that the Software copyright(s), licensing terms, or
title of the Software is/are no longer visible to the user or are
changed or supplemented.
6. You may develop external software components that interface with
the Software and distribute these components, provided that -each- of
the following conditions are met:
a. The external software component is distributed without any
charge beyond the reasonable costs of data transfer or storage media.
You may not sell the external software component or sell an appliance
that includes the software component.
b. The external software component clearly indicates to the
user, via the user interface and/or program output, both (a) the role of
the Software in the component and (b) where the user may obtain a copy
of the Software.
c. The external software component does not modify, supplement,
or obscure the user interface or output of the Software such that the
title of the Software, the copyrights and trademark notices in the
Software, or the licensing terms of the Software are removed, hidden, or
made less likely to be discovered and read.
Online Updates
The Software includes the ability to download updates (i.e.,
additional code) from the Developer's server(s). These updates may
contain bug fixes, new functionality, updated Documentation, and/or
Extensions. When retrieving these updates, the Software may transmit the
Software version and operating system information from Your computer to
the update server. The server may record (store) this information, in
conjunction with the IP (global Internet Protocol) address of the user,
in order to attempt to maintain accurate end user / version statistics.
By using the online update feature, You hereby agree to allow this
information to be transmitted, recorded, and stored in any nation by or
for the Developer.
Proper Use
As an express condition of this License, You agree that You will use
the Software -solely- in compliance with all then-applicable local,
state, national, and international laws, rules and regulations as may be
amended or supplemented from time to time, including any then-current
laws and/or regulations regarding the transmission and/or encryption of
technical data exported from or imported into Your country of residence.
Violation of any of the foregoing may result in immediate, automatic
termination of this License without notice, and may subject You to
state, national and/or international penalties and other legal
consequences.
Copyright and Trademark
Product names, words or phrases mentioned in this License or the
Software may be trademark(s) or servicemark(s) of the Developer
registered in certain nations and/or of third parties. You may not alter
or supplement the copyright or trademark notices as contained in the
Software.
License Termination
This License is effective until terminated. This License will
terminate immediately without notice from the Developer if You breach or
fail to comply with any provision of this License. Upon such termination
You must destroy the Software, all accompanying written materials, and
all copies thereof.
Limitations of Liability
In no event will the Developer, any contributor, owner, or licensee,
or any third party affiliated with Developer be liable to You or any
third party for any consequential, incidental, indirect or special
damages whatsoever (including, without limitation, loss of expected
savings, loss of confidential information, presence of viruses, damages
for loss of profits, business interruption, loss of business information
and the like or otherwise) or any related expense whether foreseeable or
not, arising out of the use of or inability to use or any failure of the
Software or accompanying materials, regardless of the basis of the claim
and even if the Developer or a Developer's representative has been
advised of the possibility of such damage, and even in the event of the
failure of an exclusive remedy. You hereby acknowledge, by using the
Software, the reasonability of this liability limitation provision, that
Developer would not offer the Software without the inclusion and
enforceability of this provision, and that You (and not the Software)
are solely responsible for Your network, data, and application security
testing, planning , audits, updates, and training, which require regular
analysis, supplementing, and expertise.
No Warranty
The Software and this License document are provided AS IS with NO
WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY,
TITLE, OR FITNESS FOR A PARTICULAR PURPOSE.
Indemnification
You agree to indemnify, hold harmless, and defend the Developer and
Developer's owners, contributors, agents, and business partners from and
against any and all claims or actions including reasonable legal
expenses that arise or result from Your use of or inability to use the
Software. Developer agrees to notify You and reasonably cooperate with
Your defense of any third party claim triggering such indemnification.
Miscellaneous
If any part of this License is found void and unenforceable, it will
not affect the validity of the balance of the License, which shall
remain valid and enforceable to the maximum extent according to its
terms.
Choice of Law; Venue
The License will be construed, interpreted and governed by the laws
of Texas, USA, without regard to its conflict of law rules. Any
litigation related to this License must be filed and heard in the courts
for Travis County, Texas.
To download version 3.0 of the Metasploit Framework, you must
acknowledge your acceptance of this license by clicking the 'Accept this
License' button below.
===
The webpage requires a click through of this license to get the source.
How does this license look? If it is DFSG-free, then the best option is
probably to package this version.
Apologies for dumping everything here, but I want to be clear about the
legal issues before proceeding.
Thanks,
James
--
James Westby
jw+debian@jameswestby.net
http://jameswestby.net/
Reply to: