After review, Fedora has determined that the Nmap Public Source License (NPSL) Version 0.92[1] is not acceptable for use in Fedora. We have updated our "Bad License" list[2] to include NPSL. No software under that license may be included in Fedora (including EPEL and COPRs).
The license includes restrictions on "proprietary software companies", which is a field of endeavor restriction contrary to the Open Source Definition[3]. If future versions of the NPSL are released, they will be re-evaluated for use in Fedora.
[1] https://nmap.org/npsl/npsl-annotated.html [2] https://fedoraproject.org/wiki/Licensing:Main#Bad_Licenses [3] https://opensource.org/osd
Could the entry for "Nmap license" be clarified? I know the situation is complicated but at first glance it isn't entirely clear that there are two different nmap-related licenses in the list, and the acceptable one comes up first when searching. And perhaps https://fedoraproject.org/wiki/Licensing/Nmap could be updated as well to either discuss both license, or mention explicitly that it applies to the old license and not to the new one.
- J<
On Sat, Jan 9, 2021 at 2:40 AM Jason Tibbitts tibbs@math.uh.edu wrote:
Could the entry for "Nmap license" be clarified? I know the situation is complicated but at first glance it isn't entirely clear that there are two different nmap-related licenses in the list, and the acceptable one comes up first when searching. And perhaps https://fedoraproject.org/wiki/Licensing/Nmap could be updated as well to either discuss both license, or mention explicitly that it applies to the old license and not to the new one.
Done! Thanks for pointing this out.
* Ben Cotton:
After review, Fedora has determined that the Nmap Public Source License (NPSL) Version 0.92[1] is not acceptable for use in Fedora. We have updated our "Bad License" list[2] to include NPSL. No software under that license may be included in Fedora (including EPEL and COPRs).
The license includes restrictions on "proprietary software companies", which is a field of endeavor restriction contrary to the Open Source Definition[3]. If future versions of the NPSL are released, they will be re-evaluated for use in Fedora.
[1] https://nmap.org/npsl/npsl-annotated.html [2] https://fedoraproject.org/wiki/Licensing:Main#Bad_Licenses [3] https://opensource.org/osd
Just to be clear: These changes are the result of the changes to the actual license text, and the previous license is still acceptable to Fedora? (It would theoretically be possible that as part of the review, it became clear that upstream's and Fedora's interpretation of the previous license terms had been different, and upstream's interpretation is incompatible with Fedora's requirements.)
Thanks, Florian
On Mon, Jan 11, 2021 at 5:37 AM Florian Weimer fweimer@redhat.com wrote:
Just to be clear: These changes are the result of the changes to the actual license text, and the previous license is still acceptable to Fedora? (It would theoretically be possible that as part of the review, it became clear that upstream's and Fedora's interpretation of the previous license terms had been different, and upstream's interpretation is incompatible with Fedora's requirements.)
Good question. Yes, the previous license (used with Nmap < 7.90) is still considered acceptable for Fedora.
On Mon, Jan 11, 2021 at 09:44:10AM -0500, Ben Cotton wrote:
On Mon, Jan 11, 2021 at 5:37 AM Florian Weimer fweimer@redhat.com wrote:
Just to be clear: These changes are the result of the changes to the actual license text, and the previous license is still acceptable to Fedora? (It would theoretically be possible that as part of the review, it became clear that upstream's and Fedora's interpretation of the previous license terms had been different, and upstream's interpretation is incompatible with Fedora's requirements.)
Good question. Yes, the previous license (used with Nmap < 7.90) is still considered acceptable for Fedora.
And an update to:
https://github.com/rpminspect/rpminspect-data-fedora/blob/master/licenses/fe...
?
There is currently only this entry:
"Nmap License": { "approved": "yes", "fedora_abbrev": "Nmap", "fedora_name": "Nmap License", "id": "365", "license_text": "", "spdx_abbrev": "", "spdx_name": "", "url": "https://fedoraproject.org/wiki/Licensing/Nmap" },
Thanks,