On Sat, Jan 22, 2005 at 03:52:14PM +0100, Florian Weimer wrote: > > Tenable claims that the GPL has never applied to their plugins, only > to the plugins that were explicitly released under the GPL.
That claim is really not true, since the "Nessus Script License" was (until recently) equivalent to the GPL. All plugin developers (me included) have contributed stuff to plugins based on that. Licensing of plugins has been discussed previously in the nessus-plugins mailing lists, there was even a discussion back in 2001 when Renaud was considering changing its license, please read: http://archives.neohapsis.com/archives/apps/nessus/2001-q2/0434.html In that mail upstream (i.e. Renaud) explicitly says that the plugins are distributed through the GPL. > >From what information do you infer this? > > The plugins I'm most interested in are: (..) Those plugins are (c) Tenable or Renaud. Notice that there is no license statement in the source code and that they are distributed in 2.1.0 (in ftp.nessus.org) with a 'COPYING' file that states they _are_ GPLd. If upstream does want to relicense these plugins (which it can do, as it has (c) on them) then they should also repackage all of those available in the public ftp server. So far, they have not done such a thing. The license issues with the plugins are there, however, in the 2.2.2a and 2.3 release (not packaged in Debian). The plugins distributed with 2.3 have a different license (the new one "Tenable's Public License") but that contradicts the license in the code of some of the plugins (both NASL scripts and .c plugins). It is also incompatible with the GPL and that makes some plugins status unclear (specifically .c plugins which are compiled with libnasl). Again, this applies to 2.3 and 2.2.2a, not to earlier releases. As for NASL scripts, here is the breakdown of licenses in 2.3: - BSD 1 - GPL 455 - Nessus Script License 5188 - UNLICENSED 295 This is not the first time upstream has changed a license to a package (check out OpenBSD's pf [1] and Xfree86) but, IMHO, license changes do not apply to whatever was distributed (and still is) with a different license. Copyright holders obviously can re-license stuff, but they've had no interest in doing it (as the public ftp shows). The situation of Nessus in Debian, whoever, could change if all the source code at ftp.nessus.org where to be relicensed (which is not the case yet). I just hope upstream will divide the nessus-plugins tar into a GPL and non-gpl archive to help distributions decide which part are or aren't distributable. Regards Javier [1] slashdot.org/article.pl?sid=01/06/25/1557213
signature.asc
Description: Digital signature