nmap; should it really be distributed by RYF certified GNU+Linux distributions?
- Anmelden oder Registrieren um Kommentare zu schreiben
A couple weeks ago I was tinkering with Void GNU/Linux-libre when I found out they do not ship nmap on the regular package repositories, but require the non-free ones enabled in order to install it.
After some digging I found out nmap seems to have a problem with the general public exercising freedoms 0, 2 and 3, so they swapped the licensing terms on version 7.93 to clarify they do not want people selling the software without you paying them some arbitrary sum of money.
Some people claim this is dissuasive, so the software isn't shipped on proprietary distributions or hardware, but they're willing to turn a blind on those that will pay, so if you're some nobody that wants to ship nmap with a GNU+Linux distribution and sell CDs they might have a problem with that, unless you pay them thousands of bucks or reach an agreement (that you ask them permission and they promise to leave you be), but if you're Amazon or Google that can pay these fees anyway you can get away with distributing this with proprietary software.
Why is nmap distributed on Trisquel and Guix repos? Are you guys aware about this issue? Did you guys reach an agreement with these guys so your version is under terms of GPL? Would you guys consider these terms do not go against software freedom in spirit?
I am a translator!
nmap seems to have a problem with the general public exercising freedoms 0, 2 and 3, they swapped the licensing terms on version 7.93 to clarify they do not want people selling the software without you paying them some arbitrary sum of money
I looked at the LICENCE file in the source package for ecne, searching for something like that. I could not see anything related to freedom 0 that would contradict with the GPL. What I could find is:
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Does that b) prevent from selling the copies or derivative works?
That said, Trisquel takes it from Debian, which normally tries sorting out such things, so maybe I misunderstand this.
EDIT: I found https://github.com/nmap/nmap/issues/2199. This gives me the impression that I don't understand the situation so well and that perhaps it would be better to remove nmap from Trisquel, to be cautious.
The Debian FTP Masters have deemed on the 24th of December 2022 that version 0.95 of the NPSL respects the Debian Free Software Guidelines:
We believe that the bug you reported is fixed in the latest version of
nmap, which is due to be installed in the Debian FTP archive.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025650
Little after, Gentoo agreed and added version 0.95 of the NPSL to the MISC-FREE set of licenses:
I believe that NPSL-0.95 addresses both concerns about section 0 (Preamble) and section 3 (Derivative Works):
https://github.com/nmap/nmap/issues/2199#issuecomment-1379568678
https://bugs.gentoo.org/749390#c16
Richard Fontana disagreed, pointing out problems with the "External Deployment" badgeware-ish provision and the section redefining "Derivative Works", and, as a consequence, Fedora does not accept that license: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/539
Neither does openSUSE: https://build.opensuse.org/requests/1141454
In 2021, before version 0.95 was published, an administrator of the Free Software Directory (not a member of the FSF licensing team) deemed the NPSL non-free and there has been no clearer statement coming from the FSF: https://directory.fsf.org/wiki/Talk:Nmap