Ben Hutchings writes ("Re: nmap license is incompatible with GPL"): > On Tue, 2018-04-10 at 11:42 +0200, Ansgar Burchardt wrote: > > The license in particular also forbids front-ends parsing nmap's output > > that are released under a license not compatible with nmap's: ... > > > - Is designed specifically to execute Covered Software and parse the > > > results (as opposed to typical shell or execution-menu apps, which > > > will execute anything you tell them to). > > +--- > > This is an interesting legal theory, and I would be interested to hear > whether any free software lawyer agrees with it. (And the distinction > they try to draw is so unclear that I really doubt a court would want > to rule on it.)
Personally I think under English law such things, when distributed with nmap, would be part of a work as a `whole' (within the meaning of the antepenultimate para in GPL s2) and would have to be distributed under the GPL2 even if nmap was under the vanilla GPL2. Absent the explicit statement to the contrary later in the licence, these provisions therefore add nothing and the resulting licence would be GPL2-compatible. I appreciate that this is not a very popular view. > > This means packages such as `nmapsi4`, `python-nmap`, `lsat`, `nikto`, > > `zabbix`, `oscinventory-agent`, `fusioninventory-agent-task-network` and > > possibly others which are licensed under the GPL-2 (some with or-later) > > do not conform to nmap's license requirements... > > > > I plan to file RC bugs against these packages soon; this thread can > > serve as a central place for discussions. > > I think we should determine that either: > > 1. This provision is not enforceable, and we don't need to do that. > 2. This provision is enforceable, it is a restriction on use, and it > makes nmap non-free. The provision is certainly not a restriction on use. It's a restriction on the licences of software which is intimately designed to work with nmap, and accompany it, and is best seen as extensions or embeddings of nmap. It's only a restriction on distribution; users can do what they want. I haven't looked at the packages above but many of them seem specifically to be libraries for using nmap, or ways of embedding nmap. The fact that the licence is not, on its face, compatible with nmap's, is probably a mistake. We should ask the upstreams to "for clarity" dual-licence their code under (i) their existing licence (ii) the nmap licence. And we need to check the rdepends. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.