Nmap Development mailing list archives
Revisiting the Nmap Public Source License
From: Fyodor <fyodor () nmap org>
Date: Tue, 26 Mar 2013 18:43:57 -0700
Hi Folks. Long time members of this list may recall my proposal in 2006 to better formalize Nmap's open source license. Right now the license is basically a mishmash of GPLv2 with several paragraphs of clarifications and exceptions. It is confusing to people, and it is also missing some important provisions of newer open source licenses. So back in 2006, I created an "Nmap Public Source License" which is still based on GPLv2, but also contains key provisions from other open source licenses. I posted the request for comments to this list here: http://seclists.org/nmap-dev/2006/q4/126 The annotated version of the license is here: http://nmap.org/nmap/npsl/npsl-annotated.html The new license is very similar to the current one[1] in function, but I think it has better structure. Nobody really complained about the new license, so I decided to get some more legal review and then make the change. Then I, uh, sort of dropped the ball for 7 years. I get very excited about Nmap's technical direction, but legal stuff like this (while incredibly important) isn't my passion. And it is too easy to just say "I'll do it next month" and then pretty soon "I should research the new Mozilla Public License 2 and GPLv3 first" before taking any action and then, before you know it, 7 years have passed :). So the Nmap Public Source License may not be perfect, but I think it is better than the current mish-mash. My suggestion is that we switch to that for now. We can touch it up later if needed, but I don't want to delay this for any more years. I did make one change today, related to installers which download Nmap over the Internet at runtime. I hope that will help prevent fiascos such as Download.com distributing trojan Nmap installers[2]. The license change would only apply to future versions of Nmap, not 6.25 and earlier. And since I know licenses can be a touchy subject, I'll wait a couple weeks to collect feedback before making any change. Cheers, Fyodor [1] https://svn.nmap.org/nmap/COPYING [2] http://insecure.org/news/download-com-fiasco.html _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Revisiting the Nmap Public Source License Fyodor (Mar 26)
- Re: Revisiting the Nmap Public Source License Jan-Oliver Wagner (Mar 27)
- Re: Revisiting the Nmap Public Source License Fyodor (Mar 27)
- Re: Revisiting the Nmap Public Source License Jan-Oliver Wagner (Mar 28)
- Re: Revisiting the Nmap Public Source License Claudio Moretti (Mar 28)
- Re: Revisiting the Nmap Public Source License Jan-Oliver Wagner (Mar 28)
- Re: Revisiting the Nmap Public Source License Claudio Moretti (Mar 28)
- Re: Revisiting the Nmap Public Source License Jan-Oliver Wagner (Mar 27)