Re: [Plugins-writers] On the copyright of the Nessus reports...

From: John Q. Public (tpublic@private)
Date: Thu Dec 11 2003 - 08:30:55 PST

  • Next message: sullo@private: "Re: [Plugins-writers] On the copyright of the Nessus reports..."

    On Thu, 11 Dec 2003, Javier Fernandez-Sanguino wrote:
    
    | Sure, I would think that, at least, acknowledgement to whomever 
    | produced the plugin text would be in order. See below.
    
    I disagree.  I don't think the best part of the plugin is the output.  What
    should be protected first is the code.  Perhaps the output can be protected
    all at once by a single blanket claim, but I have no idea what the foreign
    language translations of my output are so I sure as heck don't want to take
    credit for it.
    
    | I think that maybe it would be best if a footer was added to reports 
    | generated by Nessus (in readable formats) and a header or footer 
    | comment in "non-readable" (nbe/nsr) which came around and said:
    | 
    | "The text in this report is copyrighted by the respective authors of 
    | the plugins that provide it (please, see the source code for more 
    | information) and is distributed under the GPL. You must have a copy of 
    | the GPL in your copy of Nessus, if not, please retrieve it from
    | http://www.gnu.org/licenses/licenses.html#GPL. Notice that this text 
    | is _not_ in the public domain."
    
    I do like that idea, though leaning towards my concern for the code and not
    the output, I envision: "This report and it's contents were generated by
    functions and procedures that are protected by the GPL..."
    
    | I think the relevant sections on the GPL faq are:
    
    Frankly, I haven't the time to peruse the GPL, so I don't mind if I get
    voted down.  Just trying to put a twist in the whole thing, but I don't
    intend to cause any fury.
    
    | Notice that I'm not thinking here of a company making use of a Nessus 
    | report without acknowleging the work of others (which might be the 
    | case sometimes) but I'm also thinking of a company which makes a 
    | commercial/propietary vulnerability scanner and retrieves "our" 
    | description for vulnerabilities, ways to mitigate, solutions and 
    | includes them in their engine.
    
    Hmm, I hadn't thought about that.  If someone were to come up with their own
    scanner (or otherwise become lazy) taking the output from our plugins for
    their scanner's use sure would be rude.
    
    | "If you find any evidence of NASL plugins using copyrighted text which 
    | has not been produced by its author please contact Renaud Deraison and 
    | ask for its removal with the following information: the offending NASL 
    | plugin, the copyright owner for the text/code, as well as an offer to 
    | show evidence to demonstrate the fact." [1]
    
    This is a good idea, just to prove we're not going to be hipocritical and
    knowingly steal anything from anyone else.
    
    | Javi
    
    .nhoJ
    
    _______________________________________________
    Plugins-writers mailing list
    Plugins-writers@private
    http://mail.nessus.org/mailman/listinfo/plugins-writers
    



    This archive was generated by hypermail 2b30 : Thu Dec 11 2003 - 08:33:13 PST