Renaud Deraison wrote:
> So what I want is to clear up the current grey area by writing a small
> charter regarding the use of the Nessus reports :
>
> - Hardcopy of the reports are free of use (so that I can not ask Sybex
> to change a screenshot showing a report in a book published in 1999
> mentioning Nessus)

Sounds good.

>
> - Regarding electronic copies and redistribution, the author has the
> right to ask modifications of his text or total removal, and the
> organization/company redistributing the plugin has, say, 30 days, to
> comply. Other than that, the reports are free of use and modifications.

Doesn't look good to me, if you state you are the copyright holder then the above is taken for granted. I would just say:

"Copyright notice:

The generic technical text (explanations of vulnerabilities, mitigation facts and solutions) included in this report is copyrighted by their respective authors. When not explicitly said, the text included in this report is (c) Renaud Deraison.

The copyright authors grant the user of the Nessus tool the right to freely use hardcopies of the reports generated by the tool, provided this copyright notice is not removed.

The Nessus tool source code is distributed under the GNU GPL license, as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA."

That copyright statement pretty much says the above (and much more). It might be longer but it can just be a separate page in the report (final page). You could turn it into a small footer by removing the last two paragraphs, but IMHO having the GPL license statement in the reports is not at all bad.

It also prevents rude people in the case you said the report is in the public domain from taking it, typing it down (i.e. hardcopy to digital) and then use the text to improve/make their vulnerability assessment engine/tool/service/whatever.

BTW, I don't see this being done in some other (proprietary) tools (checked ISS only, IIRC Cybercop didn't do it either), so maybe we're going overboard :-)

Regards

Javi

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

This archive was generated by hypermail 2b30 : Fri Dec 12 2003 - 00:27:37 PST