Re: Nmap/Nessus copyright

[ADT <synfinatic () gmail com>]

Basically what I'm hearing is that you consider the first few
paragraphs in the COPYING file to be considered part of the license,
and having higher precedence over the included GPLv2 text below it.  I
think we agree that Nmap is *not* licensed under the GPLv2, but
basically a customized version of it.

My suggestion is that if you don't believe the GPLv2 as written by the
FSF provides the protections, rights, restrictions or clarity that you
desire for your code, then don't use it.  Just rename the license to
the "Nmap Public License", and stop saying at the very top that:

"This program is free software; you may redistribute and/or modify it under the
terms of the GNU General Public License as published by the Free
Software Foundation; Version 2."

Because that sentence is clearly not your intent, and while you try to
"clarify" your intent in the text below, it gets very confusing for
people like me who take such statements literally.

Frankly, I really wish the FSF did not give you permission to do what
you did, because it creates a lot of confusion what the GPLv2 means
and I can't possibly know what the "intent" of every author releasing
his code under the GPL.   As an author of GPL and BSD licensed
software, it's important to me that  licenses are interpreted
consistently so that my users don't have to have long email
discussions to figure out what my intent is.

And while  granting permission to OpenSSL doesn't create any problems
(frankly, I'd be ok with you still calling it the GPL if this was the
only addendum), the added restrictions of what constitutes a
derivative work appears to make Nmap incompatible with other GPL code.
 Basically, I can't use Nmap code in my own GPL'd applications because
now a non-GPL application can't process the output of my application;
something that I personally think is ok.  Again, I'm ok with you
saying I can't do that, I just wish we didn't have to exchange all
these emails for me to figure it out. :)

Regards,
Aaron

On 10/21/05, Fyodor <fyodor () insecure org> wrote:
> On Fri, Oct 21, 2005 at 12:36:54AM -0700, ADT wrote:
> > In your last email you said:
> >
> > > The Nmap license is a modified version of the GPL.  The modifications
> > > and interpretations are stated up top.
> >
> > Which isn't what the COPYING file says:
> >
> > "We don't consider these to be added restrictions on top of the GPL, but
> >  just a clarification of how we interpret "derived works" as it applies
> >   to our GPL-licensed Nmap product."
>
> Yeah, we consider the "derivative works" part to be simple
> clarifications of how we interpret the GPL license text.  But you can
> disagree and consider them modifications to the GPL if you wish.
>
> When I said "The Nmap license is a modified version of the GPL" above,
> I was mostly referring to the OpenSSL exception.  But again, some
> people might consider the "derivative works" treatment to be a
> modification.  It is a license requirement in any case.
>
> > 2) Nmap is NOT licensed under the GPLv2 but rather some kind of
> > modified license in which case you shouldn't be saying it's GPL,
>
> That is it, and I'm not trying to pass Nmap off as pure GPL.  Everyone
> agrees that it is at least modified to permit linking with OpenSSL.
> The Nmap download page says ( http://www.insecure.org/nmap/nmap_download.html ):
>
>   "Nmap is distributed with source code under the terms of the GNU
>    General Public License, with certain clarifications and exceptions
>    noted in the COPYING[link] file."
>
> All the terms we've been discussing are included in the COPYING file
> distributed with Nmap, in the man page, on the web page, at the top of
> every source file, etc.  If anyone has trouble finding the Nmap
> license, they aren't looking very hard.
>
> > including the preamble (unless you made arrangements with the FSF
> > beforehand) or mentioning GNU at the end.
>
> I have had discussions with the FSF (years ago) about the Nmap
> license.  They seem to be happy with things as they are, but they are
> certainly welcome to bring up any concerns they might have.
>
> > Honestly, I understand your *intent* which I fully respect.  I just
> > don't understand what the actual license is.
>
> Good.  Then I hope this mail helps.  Maybe I'll work on clarifying the
> license text at some point, but right now improving and maintaining
> the code itself is a higher priority.  If you have specific
> suggestions, please send them my way.
>
> Cheers,
> -F