Zenoss 2.5.0 – License Audit result
The project’s primary license is identified on Zenoss’ website as the GPL. Our audit identified a plethora of sub-components licensed mainly under permissive licenses compatible with the GPL, or dual-licenses where one of the licenses was compatible with the GPL. We did, however, identify the following issues:
Several files were licensed under GPL version 3, which is incompatible with the project’s primary license. This means that distributing the code under GPL version 2 is highly likely to be illegal, unless Zenoss provides a clarification on why GPL v3′ copyleft effect does not create an incompatibility. This is possible with proper engineering planning that isolate the GPL v3 components, but we have not found any evidence that would show Zenoss considered the issue.
We also found several files licensed only for non-commercial use. After consulting with the author of several of these, we received his confirmation that they are licensed under the Python license. Zenoss, however, claims they are licensed under the ZPL. The situation remains unclear but we would advise use of the Python license given that the copyright holder has indicated this to be the right license. Several other files, however,seem to indeed be licensed a non-commercial license. These are mainly demo script files meaning that their removal is advisable as it resolves the licensing issue but does not break Zenoss.
We have attempted to engage in dialogue with Zenoss regarding the identified issues, but they stopped dialogue after initial discussions.
In conclusion, we consider Zenoss’s licensing to be mediocre, and the IPR risk moderate.