[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nmap license

Sorry for the late response; I'll avoid re-hashing points. Assume for a moment that this 'clarification' is sensical and valid:

 * o Integrates source code from
Nmap                                      *

I think we'd generally consider that restriction free, and it would be in line with how we normally interpret the GPL.

 * o Reads or includes Nmap copyrighted data files, such
as                *
 *   nmap-os-fingerprints or
nmap-service-probes.                          *

"Includes" would be the same as above.

"Reads" is, IMO, not OK, as that would not normally be considered a derived work, and thus this restriction would contaminate other software.

As a side note, under Feist, it's questionable if a fingerprint file is copyrightable (in the US, again).

 * o Executes
Nmap                                                         *

I don't believe this would normally be a derived work, either, especially in the US considering Lotus v. Borland.

 * o Integrates/includes/aggregates Nmap into an executable
installer      *

"integrates" is probably a derivative work normally, but aggregates may not be (and is explicitly excluded by the GPL...).

So, can we not put nmap on a d-i disc?

 * o Links to a library or executes a program that does any of the
above   *

The executes is again questionable.

* *
 * The term "Nmap" should be taken to also include any portions or
derived *
 * works of Nmap.  This list is not exclusive, but is just meant
to        *
 * clarify our interpretation of derived works with some common
examples.  *

This sentence ("just meant to clarify our interpretation") is confusing me. I'm not sure how it should be read (or how a court would read it). I suspect a court may attempt to use these clarifications, and treat it as part of the license grant.... After all, it is clearly the intention of the granting party.

 * These restrictions only apply when you actually redistribute Nmap.
For *
 * example, nothing stops you from writing and selling a
proprietary       *
 * front-end to Nmap.  Just distribute it by itself, and point people
to   *
 * http://www.insecure.org/nmap/ to download

Most interesting, because if these were truly derivative works of nmap the GPL would not allow this.

Reply to: