From nate.johnston at redhat.com Mon Jul 22 18:39:03 2019 From: nate.johnston at redhat.com (Nate Johnston) Date: Mon, 22 Jul 2019 14:39:03 -0400 Subject: [legal-discuss] Seeking approval for inclusion of Scapy in global-requirements Message-ID: <20190722183903.cf4ol27fqu6ient7@bishop.hsd1.va.comcast.net> OpenStack legal-discuss, Hello, my name is Nate Johnston and I work primarily on OpenStack neutron. I am currently working on a new feature to permit or restrict traffic based on ethertype. This is a change that has security implications, because it allows us to restrict certain types of network traffic that we have ignored until now - specifically ethertypes other than IPv4, IPv6 and ARP within an L2 broadcast domain. In order to properly test this functionality I needed to create packets with custom ethertypes and test their arrival or non-arrival. The best tool for this is the 'scapy' library, which is licensed GPL v2. This would be a testing-only usage, and would not be used at runtime, so per the Licensing Requirements page I am seeking approval from you. The requirements change where I have requested this is [1]; the homepage for the Scapy project is [2]. Thanks, Nate Johnston [1] https://review.opendev.org/#/c/671776/ [2] https://scapy.net/ From fungi at yuggoth.org Wed Jul 24 14:26:16 2019 From: fungi at yuggoth.org (Jeremy Stanley) Date: Wed, 24 Jul 2019 14:26:16 +0000 Subject: [legal-discuss] Seeking approval for inclusion of Scapy in global-requirements In-Reply-To: <20190722183903.cf4ol27fqu6ient7@bishop.hsd1.va.comcast.net> Message-ID: <20190724142615.skhvrknbroshyawi@yuggoth.org> On 2019-07-22 18:39:03 +0000 (+0000), Nate Johnston wrote: [...] > The best tool for this is the 'scapy' library, which is licensed > GPL v2. This would be a testing-only usage, and would not be used > at runtime, so per the Licensing Requirements page I am seeking > approval from you. [...] I'm no lawyer, but I don't think it's a matter of permission in this case. It's widely known that FSF considers[*] the Apache License version 2 and the GNU General Public License version 2 as having incompatible terms, and so software using them should not be linked (for example, as a Python "import" of a GPL2-only library in an Apache licensed application). The Scapy maintainers have already been asked this exact question: https://github.com/secdev/scapy/issues/1547 [*] https://www.gnu.org/licenses/license-list.html#apache2 -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: