Dailydave mailing list archives
Re: Nmap/Nessus copyright
From: ADT <synfinatic () gmail com>
Date: Fri, 21 Oct 2005 11:58:34 -0700
Basically what I'm hearing is that you consider the first few paragraphs in the COPYING file to be considered part of the license, and having higher precedence over the included GPLv2 text below it. I think we agree that Nmap is *not* licensed under the GPLv2, but basically a customized version of it. My suggestion is that if you don't believe the GPLv2 as written by the FSF provides the protections, rights, restrictions or clarity that you desire for your code, then don't use it. Just rename the license to the "Nmap Public License", and stop saying at the very top that: "This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2." Because that sentence is clearly not your intent, and while you try to "clarify" your intent in the text below, it gets very confusing for people like me who take such statements literally. Frankly, I really wish the FSF did not give you permission to do what you did, because it creates a lot of confusion what the GPLv2 means and I can't possibly know what the "intent" of every author releasing his code under the GPL. As an author of GPL and BSD licensed software, it's important to me that licenses are interpreted consistently so that my users don't have to have long email discussions to figure out what my intent is. And while granting permission to OpenSSL doesn't create any problems (frankly, I'd be ok with you still calling it the GPL if this was the only addendum), the added restrictions of what constitutes a derivative work appears to make Nmap incompatible with other GPL code. Basically, I can't use Nmap code in my own GPL'd applications because now a non-GPL application can't process the output of my application; something that I personally think is ok. Again, I'm ok with you saying I can't do that, I just wish we didn't have to exchange all these emails for me to figure it out. :) Regards, Aaron On 10/21/05, Fyodor <fyodor () insecure org> wrote:
On Fri, Oct 21, 2005 at 12:36:54AM -0700, ADT wrote:In your last email you said:The Nmap license is a modified version of the GPL. The modifications and interpretations are stated up top.Which isn't what the COPYING file says: "We don't consider these to be added restrictions on top of the GPL, but just a clarification of how we interpret "derived works" as it applies to our GPL-licensed Nmap product."Yeah, we consider the "derivative works" part to be simple clarifications of how we interpret the GPL license text. But you can disagree and consider them modifications to the GPL if you wish. When I said "The Nmap license is a modified version of the GPL" above, I was mostly referring to the OpenSSL exception. But again, some people might consider the "derivative works" treatment to be a modification. It is a license requirement in any case.2) Nmap is NOT licensed under the GPLv2 but rather some kind of modified license in which case you shouldn't be saying it's GPL,That is it, and I'm not trying to pass Nmap off as pure GPL. Everyone agrees that it is at least modified to permit linking with OpenSSL. The Nmap download page says ( http://www.insecure.org/nmap/nmap_download.html ): "Nmap is distributed with source code under the terms of the GNU General Public License, with certain clarifications and exceptions noted in the COPYING[link] file." All the terms we've been discussing are included in the COPYING file distributed with Nmap, in the man page, on the web page, at the top of every source file, etc. If anyone has trouble finding the Nmap license, they aren't looking very hard.including the preamble (unless you made arrangements with the FSF beforehand) or mentioning GNU at the end.I have had discussions with the FSF (years ago) about the Nmap license. They seem to be happy with things as they are, but they are certainly welcome to bring up any concerns they might have.Honestly, I understand your *intent* which I fully respect. I just don't understand what the actual license is.Good. Then I hope this mail helps. Maybe I'll work on clarifying the license text at some point, but right now improving and maintaining the code itself is a higher priority. If you have specific suggestions, please send them my way. Cheers, -F
Current thread:
- Re: Sourcefire Acquired by Check Point Software, (continued)
- Re: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 09)
- Re: Sourcefire Acquired by Check Point Software Renaud Deraison (Oct 09)
- RE: Sourcefire Acquired by Check Point Software Dave Korn (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- RE: Nmap/Nessus copyright C. Church (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- Re: Nmap/Nessus copyright ADT (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- Re: Nmap/Nessus copyright ADT (Oct 21)
- Re: Nmap/Nessus copyright Fyodor (Oct 21)
- Re: Nmap/Nessus copyright ADT (Oct 21)
- Re: Nmap/Nessus copyright Paul Wouters (Oct 21)
- Re: Nmap/Nessus copyright Dave Aitel (Oct 21)
- Re: Nmap/Nessus copyright Fyodor (Oct 21)
- Re: Sourcefire Acquired by Check Point Software Michel Arboi (Oct 21)
- RE: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 08)
- RE: Sourcefire Acquired by Check Point Software Cedric Blancher (Oct 08)
- Re: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 08)