Nmap has just released its version 7.93, and it comes with a new license, similar to what it used to be, but it raised people's attention so the license got more scrutiny than ever and that resulted in long threads with no broad consensus.
There have been lots of discussions going on about it, and I think it's better to post the links here and see what people think of it. There doesn't seem to be a consensus on whether or not the license is free overall, but upstream has made changes from feedback received from the discussions. The license seems to be a bit better now, but I should not make a decision just by myself (I'm leaning towards considering it DFSG-compliant but I'm not 100% sure yet). I invite you to have a look at these discussions [0] [1], the latest version of the NPSL [3], and also consider that some of the things discussed have been addressed in the latest version. My understanding is that the trouble revolves around the license talking about proprietary products that ship nmap needing to buy an OEM license, which I don't think it conflicts with the DFSG as this is pretty much like a copyleft license with an extra hint that people can buy the software at a different license if they don't want to respect the copyleft aspect. The discussions started due to some poor wording of that part, which has been changed to address the concerns raised, so it looks fine to me now. Hilko has also done quite a good work reviewing and commenting on the Github issue, although I don't know what his position is on the latest version of the license, so I'm cc'ing him just in case. I think we as the Debian project can contribute a lot by analysing this license and declaring whether or not it is DFSG-compliant. [0] https://github.com/nmap/nmap/issues/2199 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972216 [3] https://nmap.org/npsl/npsl-annotated.html Regards, -- Samuel Henrique <samueloph>
