Hi, there is an open ITP on metasploit-framework (#323420), and the owner Luciano asked me to contact this list about some of the license issues involved with the package. At the moment the framework is at version 2, and is released under a dual license of GPL v2 and Perl Artistic. There are a lot of contributed files in the package. Most have the following header ; This file is part of the Metasploit Exploit Framework ; and is subject to the same licenses and copyrights as ; the rest of this package. and some have no license header. There are a few that say the following # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below. In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest # version of the Framework can always be obtained from metasploit.com. There is one with * The contents of this file constitute Original Code as defined in and * are subject to the Apple Public Source License Version 1.1 (the * "License"). You may not use this file except in compliance with the * License. Please obtain a copy of the License at * http://www.apple.com/publicsource and read it before using this file. * * This Original Code and all software distributed under the License are * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the * License for the specific language governing rights and limitations * under the License. which the archives seem do suggest is not DFSG-free. There is a zlib implementation with the following license === This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. === And my favourite # Yo yo, this be da socketNinja. # Alpha-2.0 release # Distribute and get a visit from tireIronNinja which I don't think is free. There are also binary files distributed in the tarball, these are not meant to be compiled, as they are for executing on the target computer. I'm not sure how this sits, as they are obviously not the preferred form of modification, and some don't include the source they were compiled from. Now, we could contact upstream and get them to include proper headers etc., but I wanted to know how much of this was unsuitable for distribution, as if it leaves a severely crippled package then it's not really worth it. Also upstream are working on version 3 which is in alpha now. The decided to change the license to The Metasploit Framework License v1.0. http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3 === The Metasploit Framework License v1.0 Copyright (C) 2006 Metasploit LLC Definitions a. "License" means this particular version of this document (or, where specifically indicated, a successor iteration of the License officially issued/announced by the Developer). b. "Software" means any software that is distributed under the terms of this License. c. "Extension" means any enhancement to the Software that does not require modification of the Software itself. "Extensions" include any module or plug-in that is intended (by design and coding) to, or can, be dynamically loaded by the Software. d. "Developer" means the then-current copyright holder(s) of the Software, including, but not limited to, the Metasploit personnel and any third-party contributors (or their successor[s]/transferee[s])). e. "Documentation" means any end user, technical/programmer, network administrator, or other manual(s), tutorial(s), or code sample(s) provided or offered by Developer with the Software, excluding those items created by a third party. f. "Use" means to download, install, access, copy, execute, sell, or otherwise benefit from the Software (directly or indirectly, with or without notice or knowledge of the Software's incorporation or utilization in any larger application or product). g. "You" means the individual or organization that is using the Software under the conditions of the License. h. "Interface" means to execute, parse, or otherwise benefit from the use of the Software. i. "Interaction Software" means any external software program or library that interfaces with, but is not a component or subset of, the Software. License Grants 1. Provided that You both agree to and do comply with any and all conditions and requirements in this License, You are granted the non-exclusive rights specified in this License. Use of any of the Software in any form and to any extent signifies acceptance of this License. If You do not agree to all of these terms, then do not use the Software and immediately remove all copies of the Software, the Documentation, and any other items provided under the License. 2. Provided that -each- of the following necessary, express conditions are met, You may copy and distribute the Software: a. The Software that You received is distributed unmodified, including but not restricted to You maintaining (and not supplementing, removing, or modifying) the same copyright, trademark notices and disclaimers in the exact wording as released by the Developer. b. The Software is distributed without any charge, beyond (at Your option) the reasonable costs of data transfer or storage media. You may -not- (i) sell, lease, rent, or otherwise charge for the Software, (ii) include any component or subset of the Software in any commercial application or product, or (iii) sell, lease, rent, or otherwise charge for any appliance (i.e., hardware, peripheral, personal digital device, or other electronic product) that includes any component or subset of the Software. 3. You -may- use the Software to provide some service(s) and charge for the service(s), provided that the recipient of the service is clearly informed in writing (including via electronic notice or on-screen display, without paper notice) of both (a) the existence, name/trademark, and use of the Software in relation to the service and (b) where the recipient of the service may obtain a copy of the Software (e.g., refer them to www.metasploit.com). 4. You may make modifications (i.e., additions) to the Software and distribute Your modifications, but solely in a form that is -separate- from the Software, such as patches. The following restrictions apply to modifications: a. Modifications must not alter, supplement, or remove any copyright, trademark, or other proprietary right(s) or legal notices or licensing terms displayed by or provided with the Software. b. When any modification to the Software is released by You under this License, You hereby grant and agree to grant a non-exclusive royalty-free right, to both (i) the Developer and (ii) any of Developer's later licensees, successors, or partners, to distribute Your modification(s) in future versions of the Software provided that such versions remain available under the terms of this License (or any other later-adopted license(s) of the Developer). 5. You may develop Extensions to the Software and distribute these Extensions under any license You see fit, as long as -each- of the following conditions are met: a. The Extension, when installed with the Software, must -not- modify any of the behavior (change the display, modify the available commands, etc) of the Software until the user explicitly requests (e.g., by invoking or exercising a command or feature are a screen display or other express notification of the new code's existence and function) that the Extension should be activated. b. The Extension may programmatically execute (e.g., call a method) code provided by this Software, but may not include or create copies of the Software (modified or otherwise) in the Extension itself. c. The Extension may -not- modify the user interface or output of the Software such that the Software copyright(s), licensing terms, or title of the Software is/are no longer visible to the user or are changed or supplemented. 6. You may develop external software components that interface with the Software and distribute these components, provided that -each- of the following conditions are met: a. The external software component is distributed without any charge beyond the reasonable costs of data transfer or storage media. You may not sell the external software component or sell an appliance that includes the software component. b. The external software component clearly indicates to the user, via the user interface and/or program output, both (a) the role of the Software in the component and (b) where the user may obtain a copy of the Software. c. The external software component does not modify, supplement, or obscure the user interface or output of the Software such that the title of the Software, the copyrights and trademark notices in the Software, or the licensing terms of the Software are removed, hidden, or made less likely to be discovered and read. Online Updates The Software includes the ability to download updates (i.e., additional code) from the Developer's server(s). These updates may contain bug fixes, new functionality, updated Documentation, and/or Extensions. When retrieving these updates, the Software may transmit the Software version and operating system information from Your computer to the update server. The server may record (store) this information, in conjunction with the IP (global Internet Protocol) address of the user, in order to attempt to maintain accurate end user / version statistics. By using the online update feature, You hereby agree to allow this information to be transmitted, recorded, and stored in any nation by or for the Developer. Proper Use As an express condition of this License, You agree that You will use the Software -solely- in compliance with all then-applicable local, state, national, and international laws, rules and regulations as may be amended or supplemented from time to time, including any then-current laws and/or regulations regarding the transmission and/or encryption of technical data exported from or imported into Your country of residence. Violation of any of the foregoing may result in immediate, automatic termination of this License without notice, and may subject You to state, national and/or international penalties and other legal consequences. Copyright and Trademark Product names, words or phrases mentioned in this License or the Software may be trademark(s) or servicemark(s) of the Developer registered in certain nations and/or of third parties. You may not alter or supplement the copyright or trademark notices as contained in the Software. License Termination This License is effective until terminated. This License will terminate immediately without notice from the Developer if You breach or fail to comply with any provision of this License. Upon such termination You must destroy the Software, all accompanying written materials, and all copies thereof. Limitations of Liability In no event will the Developer, any contributor, owner, or licensee, or any third party affiliated with Developer be liable to You or any third party for any consequential, incidental, indirect or special damages whatsoever (including, without limitation, loss of expected savings, loss of confidential information, presence of viruses, damages for loss of profits, business interruption, loss of business information and the like or otherwise) or any related expense whether foreseeable or not, arising out of the use of or inability to use or any failure of the Software or accompanying materials, regardless of the basis of the claim and even if the Developer or a Developer's representative has been advised of the possibility of such damage, and even in the event of the failure of an exclusive remedy. You hereby acknowledge, by using the Software, the reasonability of this liability limitation provision, that Developer would not offer the Software without the inclusion and enforceability of this provision, and that You (and not the Software) are solely responsible for Your network, data, and application security testing, planning , audits, updates, and training, which require regular analysis, supplementing, and expertise. No Warranty The Software and this License document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, TITLE, OR FITNESS FOR A PARTICULAR PURPOSE. Indemnification You agree to indemnify, hold harmless, and defend the Developer and Developer's owners, contributors, agents, and business partners from and against any and all claims or actions including reasonable legal expenses that arise or result from Your use of or inability to use the Software. Developer agrees to notify You and reasonably cooperate with Your defense of any third party claim triggering such indemnification. Miscellaneous If any part of this License is found void and unenforceable, it will not affect the validity of the balance of the License, which shall remain valid and enforceable to the maximum extent according to its terms. Choice of Law; Venue The License will be construed, interpreted and governed by the laws of Texas, USA, without regard to its conflict of law rules. Any litigation related to this License must be filed and heard in the courts for Travis County, Texas. To download version 3.0 of the Metasploit Framework, you must acknowledge your acceptance of this license by clicking the 'Accept this License' button below. === The webpage requires a click through of this license to get the source. How does this license look? If it is DFSG-free, then the best option is probably to package this version. Apologies for dumping everything here, but I want to be clear about the legal issues before proceeding. Thanks, James -- James Westby