Framework License

[hdm at metasploit.com (H D Moore)]

The License Randy refers to is the new Metasploit Framework License that 
applies to version 3.0 and up only. The entire text of the draft license 
is attached, this is still not final. This license was posted to the 
framework-beta list over the weekend and will be run by the lawyers this 
week.

On Monday 23 January 2006 08:55, Randy Flood wrote:
>   0.  What is the overall goal of  the license?  

1) Allow the Framework to remain open-source, free to use, and free to 
distribute.

2) Allow module and plugin developers to choose their own licensing terms.

3) Prevent the Framework from being sold in any form or bundled with a 
commercial product (software, appliance, or otherwise).

4) Ensure that any patches made to the Framework by a third-party are made 
available to all users.

5) Provide legal support and indemnification for Framework contributors.

>  Is it to make the framework easy to commercialize?
Exact opposite.

>  It  kind of sucks to think that Microsoft or whoever could buy the
> framework, and kill it, and no one could fork off an Open Source
> version of it. 

The license allows you to continue redistributing unmodified versions of 
the Framework, along with a patch set that contains your modifications, 
regardless of who 'owns' the Framework. So you can't fork it, but a 
commercial buy out can't prevent you from using it and continuing to 
improve it. There is no easy way to allow for the 'fork' issue without 
negating the other terms (prevent modified versions from being 
distributed, etc).

> I'd prefer to see a license where any modifications had 
> to be provided back to the project, but where new versions of the
> framework could be made and distributed.

Patches can be distributed along with the unmodified version, this isn't 
perfect, but any further rights make enforcement of the other items 
really difficult.

>     1. When you say that the license is permanent until terminated,
> that implies that you can terminate the license at any time for anyone.

The termination clause needs some work. The goal is to terminate the 
license only if the terms of the license have been violated. 

>     2.  The definition of software is circular.  Don't you want to
> define it more along the lines of source code, executables, libraries,
> (documentation?) etc?  But, be careful, many people would like to
> generate shellcode using the Framework and then distribute it in other
> applications.  I'd like to see exploits called out specifically as
> modifiable and redistributable under either the Creative Commons
> License, or the license specified by the component developer. 

Exploits, payloads, and plugins are defined as 'Extensions' and have a 
separate clause that defines their terms. The licensing decision is left 
entirely to the developer. 

> Specifically, at least one exploit was released under the GPL which I
> think prohibits you from making additional restrictions on its
> distribution.

The authors of all third-party contributions are being contacted about the 
new license. The choices they have are:

1) Allow us to place their work under the new license.
2) Allow us to distribute their work with the Framework under the license 
of their choice.
3) State that they do not want their work to be included with the 
Framework distribution.

Something to keep in mind is that during the 'port' process, we are 
actually rewriting most of the modules, in many cases from scratch.

> I want the ability to customize any exploit in the 
> framework, so that I can try to make them less likely to be detected by
> IDS systems or whatever.  Can I do that?

Of course. You can do anything you want to with the Framework, provided 
that you don't release a modified version of the Framework in a way to 
violates the license for the core Framework or the module you modified. 
If your modification kicks ass, send us a patch and we will include it in 
the next release or update.

>     3.  What if I want to develop an alternative user interface or
> enhancement, but find that the framework itself would need modified in
> order to do so? 

You may develop the UI and distribute as a patch, at least until we 
include that in the core Framework.

> It would be nice to be able to do this, but it appears 
> to be prohibited, or at the very least cumbersome to implement under
> the license.

Distribution is prohibited, not internal development. The 'cvs diff' 
command is easy to use :-)

>     4. I think you should permit people to make modifications, but
> prohibit them from distributing them.

That is exactly the intent, if that isn't clear, we need to modify the 
license so it is. 

>       5.  I think that rather than relying on the License being imposed
> when you use the software, you should rely on it being imposed for
> anyone who distributes the software. 

The definition of "Use" at the top of the license covers this.

> 6. You need something that says if any one section of the license is
> deemed illegal, or unenforeble or whatever, that the remaining
> provisions are still binding.

Done. You may have seen an older version of the license, the latest draft 
is attached.

-HD

PS. The term 'Metasploit' is now a registered trademark. This is a 
defensive measure to prevent commercial products from using this name for 
marketing purposes. 
-------------- next part --------------
The Metasploit Framework License v1.0

Copyright (C) 2006 METASPLOIT.COM


Definitions

a. "License" means this particular version of this document.

b. "Software" means any software that is distributed under the terms of 
this License.

c. "Extension" means any enhancement to the Software that does not require 
modification of the Software itself. Extensions include any module or 
plugin that can be dynamically loaded by the Software.

d. "Developer" means the copyright holders of the Software, including, but 
not limited to, the Metasploit Project staff, and any third-party 
contributors.

e. "Documentation" means any manuals, tutorials, or code samples provided 
with the Software.

f. "Use" means to download, install, access, copy, execute, sell, or 
otherwise benefit from the Software.

g. "You" means the individual or organization that is using the Software 
under the conditions of the License.

h. "Interface" means to execute, parse, or otherwise benefit from the of 
the Software.

i. "Software Component" means any program or library that interfaces with 
the Software.


License Grants

1. You are granted the non-exclusive rights set forth in the License 
provided you agree to and comply with any and all conditions in the 
License. Use of the Software, in any form, signifies acceptance of the 
License. If you do not agree to these terms, do not use the Software and 
immediately remove all copies of the Software, the Documentation, and any 
other items provided under the License.

2. You may copy and distribute the Software provided that the following 
conditions are met:

a. The entire package is distributed unmodified, including - but not 
restricted to - copyright, trademark notices and disclaimers, as released 
by the Developer.

b. The Software is distributed without any charge beyond the costs of data 
transfer or storage media. You may not sell the Software, include any 
component of the Software in a commercial application, or sell an 
appliance that includes any component of the Software.

3. You may use the Software to provide a service and charge for this 
service, provided that the the recipient of the service is clearly 
informed of the use of the Software in relation to the service and where 
they may obtain a copy of the Software.

4. You may make modifications to the Software and distribute your 
modifications, in a form that is separate from the Software, such as 
patches. The following restrictions apply to modifications:

a. Modifications must not alter or remove any copyright notices or 
licensing terms displayed or provided with the Software.

b. When modifications to the Software are released under this license, a 
non-exclusive royalty-free right is granted to the Developer to 
distribute your modification in future versions of the Software provided 
such versions remain available under these terms in addition to any other 
license(s) of the Developer.

5. You may develop Extensions to the Software and distribute these 
Extensions under any license you see fit, as long as the following 
conditions are met:

a. The Extension, when installed with the Software, must not modify the 
behavior of the Software until the user requests that the Extension 
should be activated.

b. The Extension may programatically execute code provided by this 
Software, but may not include copies of the Software (modified or 
otherwise) in the Extension itself.

c. The Extension may not modify the user interface or output of the 
Software such that the Software copyrights, licensing terms, or title of 
the Software are no longer visible to the user.

6. You may develop software components that interface with the Software 
and distribute these components, provided that the following conditions 
are met:

a. The software component is distributed without any charge beyond the 
costs of data transfer or storage media. You may not sell the software 
component or sell an appliance that includes the software component.

b. The software component clearly indicates to the user, via the user 
interface or program output, the role of the Software in the component 
and where the user may obtain a copy of the Software.

c. The software component does not modify the user interface or output of 
the Software such that the title of the Software, the copyrights and 
trademark notices in the Software, or the licensing terms of the Software 
are removed.

Online Updates

The Software has the ability to download updates from the Developer's 
servers. These updates may contain bug fixes, new functionality, updated 
Documentation, or Extensions. When retrieving these updates, the Software 
may transmit the software version and operating system information to the 
update server. The server may record this information, in conjunction 
with the IP address of the user, in order to maintain accurate 
statistics. By using the online update feature, you hereby agree to allow 
this information to be transmitted and recorded by the Developer.

Proper Use

You agree that you will use the Software in compliance with all applicable 
local, state, national, and international laws, rules and regulations, 
including any laws regarding the transmission of technical data exported 
from your country of residence. Violation of any of the foregoing may 
result in immediate termination of this License, and may subject you to 
state, national and/or international penalties and other legal 
consequences.

Copyright and Trademark

Product names, words or phrases mentioned in this agreement may be 
trademarks or servicemarks of the Developer. You may not alter or change 
the copyright or trademark notices as contained in the Software.

License Termination

This License is effective until terminated. This License will terminate 
immediately without notice from the Developer if you fail to comply with 
any provision of this License. Upon such termination you must destroy the 
Software, all accompanying written materials, and all copies thereof.

Limitations of Liability

In no event will the Developer be liable to you for any consequential, 
incidental, indirect or special damages whatsoever (including, without 
limitation, loss of expected savings, loss of confidential information, 
presence of viruses, damages for loss of profits, business interruption, 
loss of business information and the like), whether foreseeable or not, 
arising out of the use of or inability to use the Software or 
accompanying materials, regardless of the basis of the claim and even if 
the Developer or a Developer's representative has been advised of the 
possibility of such damage.

No Warranty

The Software and this license document are provided AS IS with NO WARRANTY 
OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY AND 
FITNESS FOR A PARTICULAR PURPOSE.

Indemnification

You agree to indemnify, hold harmless, and defend the Developer from and 
against any and all claims or actions, including legal expenses, that 
arise or result from your use of the Software.

Miscellaneous

If any part of this License is found void and unenforceable, it will not 
affect the validity of the balance of the License, which shall remain 
valid and enforceable according to its terms.

Choice of Law

The License will be construed, interpreted and governed by the laws of 
Travis County, Texas, USA, without regard to its conflict of law 
provisions.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060123/a490b54f/attachment.pgp>