Chip, I have posted this question in the OWASP ESAPI mailing list. Will update you as soon as I get a reply.
Thank you, Likitha >-----Original Message----- >From: Chip Childers [mailto:chip.child...@sungard.com] >Sent: Wednesday, February 20, 2013 12:19 AM >To: cloudstack-dev@incubator.apache.org >Cc: Likitha Shetty >Subject: Re: New dependency > >On Sat, Feb 16, 2013 at 11:12:18PM +0530, Likitha Shetty wrote: >> With commit 87b668b71b34c93e9ba85d4708a1c04f4020f6bf (master) the >> following dependency has been added in utils/pom.xml, <dependency> >> <groupId>org.owasp.esapi</groupId> >> <artifactId>esapi</artifactId> >> <version>2.0.1</version> >> </dependency> >> >> The library used OWSAP EASPI is BSD licensed [1]. >> [1] >> http://code.google.com/p/owasp-esapi-java/source/browse/tags/releases/ >> 2.0_rc10/LICENSE-CONTENT?r=1861 >> >> Thank you, >> Likitha >> > >Likitha, > >I've added it to the legal docs in master, but I need you to follow up on >something. > >There is confusion about which license is applicable for this software. >On their google code site, it's linked to the BSD 3-Clause license. On their >project site [3], the license is only noted as being BSD (with a link to the >wikipedia entry, which for the record, explains the different types). >In their pom [2], the license is listed as the 2-Clause style. > >I believe that we should use the one noted in the POM, since that's what gets >pulled into the build machine and packaged. However, can you please ask the >developers which is accurate? > >-chip > >[1] http://code.google.com/p/owasp-esapi-java/ >[2] >http://search.maven.org/#artifactdetails%7Corg.owasp.esapi%7Cesapi%7C2.0.1 >%7Cjar >[3] >https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
