

Show HN: Arachni – F/OSS webappsec scanner with integrated browser environment - tasos_laskos
http://www.arachni-scanner.com/

======
martey
I don't think you can actually call this "FOSS". The project has changed
licenses twice, from GPL2 to Apache [1] and then from Apache to some weird
"dual-licensing" scheme. [2]

The current license claims that the project is available under the Apache
license, but only for non-commercial purposes. Frankly, this does not make
sense, since one of the benefits of the Apache license is that it allows
commercial use.

[1]
[https://github.com/Arachni/arachni/commit/9640e16d3bee804c2e...](https://github.com/Arachni/arachni/commit/9640e16d3bee804c2ebd0abaed634de3a0b34b85)

[2]
[https://github.com/Arachni/arachni/commit/0f34578f333d00901d...](https://github.com/Arachni/arachni/commit/0f34578f333d00901dfff700770b34f4f5afa7b9)

~~~
tasos_laskos
The dual licensing scheme isn't that weird, specifying different licenses for
different uses is quite normal.

Also, the Apache license covers plenty of commercial cases, as the terms[1]
state, it's only 2 very specialized deployments that require a non-free
license. Given that 99.x% of deployments and users fall under Apache License
v2, I figured F/OSS would be an accurate description, even though the "F"
doesn't apply to 0.x% of cases.

Still, I don't want to misrepresent the project, so I will rethink my
statements (especially in the website)in general.

[1] For details see: [http://www.arachni-
scanner.com/license/](http://www.arachni-scanner.com/license/)

