[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Nmap Public Source License Version 0.94 - Is it DFSG-compliant?

* Samuel Henrique:

> Nmap has just released its version 7.93, and it comes with a new
> license, similar to what it used to be, but it raised people's
> attention so the license got more scrutiny than ever and that resulted
> in long threads with no broad consensus.

nmap 7.90 with a license similar to the current version was released in
October 2020, almost two years ago. The upstream issue about the license
was started in December 2020, without any resolution.

My analysis posted there in March 2021 still stands: Upstream's broad
definition about what constitutes a "derivative work" (a term that
matters a lot in GPL 2) conflicts with the DFSG #9 "License Must Not
Contaminate Other Software". For example, any program that is designed
to parse NMAP's output would be considered a "derivative work".

The motivation for this peculiar license seems to come from grievances
against producers of commercial, proprietary software and devices that
incorporated NMAP. It has been suggested that upstream switch the
license to AGPL3 instead, but nothing of the sort has happened and I
don't expect such a change to happen anytime soon.

Ignoring the messy license does not seem to be an option and I don't
want us to drop the NMAP package entirely, therefore I think it should
be moved to non-free.


Reply to: