Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Revisiting the Nmap Public Source License
From: Henri Doreau <henri.doreau () gmail com>
Date: Tue, 9 Apr 2013 16:06:26 +0200

2013/4/9 Fyodor <fyodor () nmap org>:
On Sun, Apr 7, 2013 at 10:54 AM, Henri Doreau <henri.doreau () gmail com>
To my understanding, having a project-specific license might have the
following drawbacks:

Well, Nmap already has a project-specific license which is GPLv2 modified by
various clarifications and exceptions.  This new license is similar (GPLv2
with various exceptions and additions) but has its own name to make it
easier for people to understand that it is different.

Sure, I know and understand this point. My concerns also apply to our
current license.

That being said, I agree that having our own license (as we do now, and as
would continue with the new license) can be problematic.  It would be better
to find one of the existing open source license which meets our needs and
prevents abuses such as the download.com fiasco.  But GPLv2 by itself
doesn't do it, and I didn't see anything too compelling last time I looked
(5+ years ago).  I'll try to review the other options again, and of course
I'm open to suggestions.  Here is a list of OSI-approved open source



Thanks, I understand it better.

It looks like the GPL still doesn't prevent any kind of inclusion by
proprietary installers[1]. I don't know what's the rationale behind it
(though I'd like to, anyone?). What about Apple store, Android market
and other mobile software distribution systems? As far as I understand
they fall under the definition of installer. Would the proposed NPSL
terms allow them to distribute nmap? (I'm not sure whether they
already can/do).

I have mixed feelings between the protection it would bring to nmap
(which you highlight in the notes on the NPSL page) and the "cost" is
would have (possible unexpected side effects plus these drawbacks
expressed in my former email).

Finally, whatever license is chosen, it seems that having the
possibility to "upgrade" is important. The commonly seen "or any later
version" term can save a lot of trouble[2].


[1] https://www.gnu.org/licenses/gpl-faq.html#GPLCompatInstaller
[2] https://www.gnu.org/licenses/gpl-faq.html#VersionThreeOrLater

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]