* Samuel Henrique:
> So now having read a bit more about this whole thing.
>
> The GPL restrictions do seem quite similar to what the NPSL have,
> related to Derivative Works, have a look at this from the FSF
> website[0]:
> """
> What is the difference between an “aggregate” and other kinds of
> “modified versions”?
> ...
> By contrast, pipes, sockets and command-line arguments are
> communication mechanisms normally used between two separate programs.
> So when they are used for communication, the modules normally are
> separate programs. But if the semantics of the communication are
> intimate enough, exchanging complex internal data structures, that too
> could be a basis to consider the two parts as combined into a larger
> program.
> """
An example of such "intimate enough" semantics might be a strictly
interpreted serialization format that is only practical to implement by
generating code from a formal specification such as Protocol Buffers.
For NMAP, there is no 2-way communication. To think that any ad-hoc
parser for NMAP's ad-hoc default output format (see below) makes it a
derivative work is, in my opinion, laughable.
,
| PORT STATE SERVICE
| 21/tcp open ftp
| 80/tcp open http
| 139/tcp open netbios-ssn
| 445/tcp open microsoft-ds
| 515/tcp open printer
| 631/tcp open ipp
| 5431/tcp closed park-agent
| 9100/tcp open jetdirect
`
I have no idea how many such more-or-less such parsers (for the default
or the XML-based format) there are in Debian but I'd be surprised if
even one of those were NSPL-licensed.
>From the reverse dependencies and package descriptions, there are at
least:
- gnome-nettool
- nmapsi4
- some openstack-related packages
- OCS iventory
- OpenVAS
- nikto
- brutespray
- 2 Python libraries
- 1 Perl library
- 1 Golang library
> The DFSG item 9 is also more about contamination by means of
> distribution other than interaction between the tools, as it says:
> "The license must not place restrictions on other software that is
> distributed along with the licensed software. For example, the license
> must not insist that all other programs distributed on the same medium
> must be free software."
>
> Considering both things, I'm inclined to say that the license is
> DFSG-compliant.
I disagree: The NSPL *does* place such restrictions. Consider the last
bullet poiont of section 3:
,
| * Executes a helper program, module, or script to do any of the above.
| This list is not exclusive, but is meant to clarify Licensor's
| intentions with some common examples. Distribution of any works
| which meet these criteria must be under the terms of this license
| (including this Main License Body and GPL), with no additional
| conditions or restrictions. They must abide by all restrictions that
| the GPL places on derivative or collective works, including the
| requirements for distributing their source code and allowing
| royalty-free redistribution.
`
I still think that nmap should go to non-free. I believe (but am not
sure) that this is unproblematic as long as there is not other software
in non-free that is a "derived work" according to the NSPL.
Cheers,
-Hilko
