Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Revisiting the Nmap Public Source License

From: Fyodor <fyodor () nmap org>
Date: Tue, 26 Mar 2013 18:43:57 -0700
Hi Folks.  Long time members of this list may recall my proposal in 2006 to
better formalize Nmap's open source license.  Right now the license is
basically a mishmash of GPLv2 with several paragraphs of clarifications and
exceptions.  It is confusing to people, and it is also missing some
important provisions of newer open source licenses.  So back in 2006, I
created an "Nmap Public Source License" which is still based on GPLv2, but
also contains key provisions from other open source licenses.  I posted the
request for comments to this list here:

http://seclists.org/nmap-dev/2006/q4/126

The annotated version of the license is here:

http://nmap.org/nmap/npsl/npsl-annotated.html

The new license is very similar to the current one[1] in function, but I
think it has better structure.  Nobody really complained about the new
license, so I decided to get some more legal review and then make the
change.  Then I, uh, sort of dropped the ball for 7 years.  I get very
excited about Nmap's technical direction, but legal stuff like this (while
incredibly important) isn't my passion.  And it is too easy to just say
"I'll do it next month" and then pretty soon "I should research the new
Mozilla Public License 2 and GPLv3 first" before taking any action and
then, before you know it, 7 years have passed :).

So the Nmap Public Source License may not be perfect, but I think it is
better than the current mish-mash.  My suggestion is that we switch to that
for now.  We can touch it up later if needed, but I don't want to delay
this for any more years.  I did make one change today, related to
installers which download Nmap over the Internet at runtime.  I hope that
will help prevent fiascos such as Download.com distributing trojan Nmap
installers[2].

The license change would only apply to future versions of Nmap, not 6.25
and earlier.  And since I know licenses can be a touchy subject, I'll wait
a couple weeks to collect feedback before making any change.

Cheers,
Fyodor

[1] https://svn.nmap.org/nmap/COPYING
[2] http://insecure.org/news/download-com-fiasco.html
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: