On Wed, 10 Dec 2003, Renaud Deraison wrote:

> There is some confusion about the copyright ownership of a Nessus
> report. When you think about it, a Nessus report is like a book
> regarding the security of your network, and as with every book, there
> are limitations to what you can do with it.

Unlike a book, a Nessus report is an output of a program. In particular, it is an output of a GPLed program. I find it absurd to make the conditions for an output (or portions of it) more restrictive than the conditions for the program itself (traditional copyright vs. GPL).

In fact, I could take a report, replace all the "copyrighted strings" with references to Nessus plugins (e.g. 7th string in blabla.nasl, revision 1.23), and give it to anyone together with a GPLed program including the source code of those plugins and reassembling the original text of the report. Or I could even record all responses of tested hosts (and the rest of the environment, e.g. clocks, PRNGs) together with a copy of Nessus (perhaps with some patches to make "playback" possible), and anyone would be able to "replay" the test using the recorded data, and get the same report.

This leaves two other choices regarding the authorship of a Nessus report:

1. The report is owned by whoever ran the program.
2. The report is a derived work of the program.

The second choice might make some sense for plugins where the wording of the output makes a substantial part of their "value". The program is GPLed, ergo its output, as a derived work of the code, should be GPLed as well.

Of course, the application of GPL to a piece of text is somewhat tricky but it is possible:

- the requirement to make the source code available can be interpreted as the requirement to make the text always available in a nonproprietary format (e.g. plaintext) (3)
- anyone who receives a copy of the text is allowed to redistribute it, both in the original and in the modified form (2)
- modified copies of the text must "carry prominent notices" stating they are modified (2c)

etc.

Also, should any other program reuse such a text, it would be considered to be a derived work of the text and consequently of the original plugin (and "infected" by GPL).

Of course, this is what I myself find logical and reasonable. Lawyers, well known for understanding "logical" and "reasonable" in their own weird ways, might disagree.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 16:37:15 PST