Dailydave mailing list archives
Re: Nmap/Nessus copyright
From: Fyodor <fyodor () insecure org>
Date: Thu, 20 Oct 2005 16:27:14 -0700
On Thu, Oct 20, 2005 at 03:53:56PM -0500, C. Church wrote:
http://www.gnu.org/licenses/gpl-faq.html#GPLOutput "In general this is legally impossible; copyright law does not give you any say in the use of the output people make from their data using your program. If the user uses your program to enter or convert his own data, the copyright on the output belongs to him, not you. More generally, when a program translates its input into some other form, the copyright status of the output inherits that of the input it was generated from."
I agree with this and we don't claim copyright in Nmap output files. There is proprietary software out there that has an option for importing Nmap data files that the user generated. That is OK with me.
It sounds quite analogous to saying that if I call gimp on a picture via command-lines, then the resulting image _must also be GPL'd_.
No, I'm saying that if you sell a proprietary imaging application which includes all of Gimp and much of its functionality involves calling gimp under the covers to do the complex image conversions and manipulations, you better talk to a lawyer (and ideally the Gimp guys) to determine whether your application constitutes a derivative work. Similarly, if you sell a proprietary scanning application/appliance which includes Nmap and uses Nmap to perform essential functions of your scanner, I consider that a derivative work. And I realize that many people have different ideas of what "derivative work" means, so I spell out what I mean in the Nmap license (http://www.insecure.org/nmap/data/COPYING). And that license clearly notes that "our interpretation refers only to Nmap - we don't speak for any other GPL products". It is the whole product which includes Nmap that is the derivative work, not the Nmap output files. If a company doesn't like this, they can open source their product, buy a commercial license, or cease redistributing Nmap and write their own scanner. Also note that this only relates to companies that build a product on top of Nmap. You can still use Nmap to scan whoever you want for free as part of commercial engagements, etc. If I become a tyrant, you can still fork Nmap and distribute your own version. Cheers, -F
Current thread:
- RE: Sourcefire Acquired by Check Point Software, (continued)
- RE: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 07)
- RE: Sourcefire Acquired by Check Point Software Kyle Quest (Oct 08)
- RE: Sourcefire Acquired by Check Point Software Cedric Blancher (Oct 08)
- RE: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 08)
- Re: Sourcefire Acquired by Check Point Software Renaud Deraison (Oct 08)
- Re: Sourcefire Acquired by Check Point Software Frank Knobbe (Oct 09)
- Re: Sourcefire Acquired by Check Point Software Renaud Deraison (Oct 09)
- RE: Sourcefire Acquired by Check Point Software Dave Korn (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- RE: Nmap/Nessus copyright C. Church (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- Re: Nmap/Nessus copyright ADT (Oct 20)
- Re: Nmap/Nessus copyright Fyodor (Oct 20)
- Re: Nmap/Nessus copyright ADT (Oct 21)
- Re: Nmap/Nessus copyright Fyodor (Oct 21)
- Re: Nmap/Nessus copyright ADT (Oct 21)
- Re: Nmap/Nessus copyright Paul Wouters (Oct 21)
- Re: Nmap/Nessus copyright Dave Aitel (Oct 21)
- Re: Nmap/Nessus copyright Fyodor (Oct 21)
- Re: Sourcefire Acquired by Check Point Software Michel Arboi (Oct 21)