Seeking approval for inclusion of Scapy in global-requirements
OpenStack legal-discuss,

Hello, my name is Nate Johnston and I work primarily on OpenStack neutron. I am currently working on a new feature to permit or restrict traffic based on ethertype. This is a change that has security implications, because it allows us to restrict certain types of network traffic that we have ignored until now - specifically ethertypes other than IPv4, IPv6 and ARP within an L2 broadcast domain.

In order to properly test this functionality I needed to create packets with custom ethertypes and test their arrival or non-arrival. The best tool for this is the 'scapy' library, which is licensed GPL v2. This would be a testing-only usage, and would not be used at runtime, so per the Licensing Requirements page I am seeking approval from you.

The requirements change where I have requested this is [1]; the homepage for the Scapy project is [2].

Thanks,
Nate Johnston

[1] https://review.opendev.org/#/c/671776/
[2] https://scapy.net/
On 2019-07-22 18:39:03 +0000 (+0000), Nate Johnston wrote:
> [...]
> The best tool for this is the 'scapy' library, which is licensed GPL v2. This would be a testing-only usage, and would not be used at runtime, so per the Licensing Requirements page I am seeking approval from you.
> [...]

I'm no lawyer, but I don't think it's a matter of permission in this case. It's widely known that FSF considers[*] the Apache License version 2 and the GNU General Public License version 2 as having incompatible terms, and so software using them should not be linked (for example, as a Python "import" of a GPL2-only library in an Apache licensed application).

The Scapy maintainers have already been asked this exact question: https://github.com/secdev/scapy/issues/1547

[*] https://www.gnu.org/licenses/license-list.html#apache2

--
Jeremy Stanley