On Sat, Feb 16, 2013 at 11:12:18PM +0530, Likitha Shetty wrote:
> With commit 87b668b71b34c93e9ba85d4708a1c04f4020f6bf (master) the following
> dependency has been added in utils/pom.xml,
> <dependency>
>   <groupId>org.owasp.esapi</groupId>
>   <artifactId>esapi</artifactId>
>   <version>2.0.1</version>
> </dependency>
>
> The library used, OWASP ESAPI, is BSD licensed [1].
> [1]
> http://code.google.com/p/owasp-esapi-java/source/browse/tags/releases/2.0_rc10/LICENSE-CONTENT?r=1861
>
>
> Thank you,
> Likitha
>
Likitha,

I've added it to the legal docs in master, but I need you to follow up on something.

There is confusion about which license is applicable for this software. On their Google Code site, it's linked to the BSD 3-Clause license. On their project site [3], the license is only noted as being BSD (with a link to the Wikipedia entry, which, for the record, explains the different types). In their pom [2], the license is listed as the 2-Clause style.

I believe that we should use the one noted in the POM, since that's what gets pulled into the build machine and packaged. However, can you please ask the developers which is accurate?

-chip

[1] http://code.google.com/p/owasp-esapi-java/
[2] http://search.maven.org/#artifactdetails%7Corg.owasp.esapi%7Cesapi%7C2.0.1%7Cjar
[3] https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API