Renaud Deraison <deraison@private> wrote:
> > How do I know what license a plugin is under?
> It's written at the top of the plugin.

There are many plugins, for example the redhat local security checks, which have a Tenable copyright but no information at the top about the license. (Provided with the latest 2.2.2a version of nessus.)

There seems to be a lot of confusion over licensing, and contracting information. For example an earlier post which asserted that nasl scripts are "linked" to the nasl libraries, and therefore are derivative works that must be licensed under the GPL. I'm not a lawyer but I do read Groklaw, and I don't subscribe to that opinion.

I suspect that a lot of the activity that caused the licensing problem (i.e. what you said about companies regex-replacing the name Tenable with their own in the copyrights) is not a result of misunderstanding or ignorance of the GPL, but simple indifference and downright theft. I'm sure the community will stand behind you if you register a few of your copyrights and hit the major offenders with statutory damages on an infringement claim ($$$$$$), if it's as blatant as you say.

But on licensing confusion - I think the current confusion would be cleared up greatly if we had a comparison of how things will work on the three feeds. For example:

Paid feed: Proprietary up to the minute plugins
Registered Feed: 7 day delayed paid feed relicensed under GPL. Purpose of contract is to ensure companies understand the rules of the GPL.
GPL Feed: Same plugins as downloadable with nessus: updated occasionally from registered feed, plus plugins donated by third parties under GPL. Also same as running update-plugins.

Or if this is incorrect, that new plugins written by Tenable will no longer be released with nessus versions, nor ever put on GPL feed, then this would be good to clarify.

Now, on to the real reason I wanted to write.
I noticed that the anonymous ftp plugin, which provides a directory listing if one is available, only registers a security warning. It seems to me that if a directory listing is found, (or to be really fancy, found with /WINNT or /boot, or maybe has anything besides /pub, /bin, /home, and /etc) that it should escalate to a security hole instead.

Regrettably I cannot send these particular diffs as the copyright is owned by a large academic entity for which I have no power to assign copyrights. And given the current situation, I would not want to imply transfer of copyright to anyone.

Thanks

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
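
The escalation rule proposed in the message above, sketched as an added example (not part of the original post and not Nessus plugin code). It is written in Python rather than NASL; the function names and sample listings are constructed for illustration, and it assumes the plugin already holds the raw LIST output as a string.

```python
import re

# Names the post treats as normal in an anonymous FTP root, and the two it
# singles out as signs of an exposed system root. Compared case-insensitively.
EXPECTED = {"pub", "bin", "home", "etc"}
SYSTEM_ROOT = {"winnt", "boot"}

# Unix "ls -l" line: mode, links, owner, group, size, three date fields, name.
UNIX_RE = re.compile(
    r"^[-dlbcps][-rwxsStT]{9}\S*\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+(.+)$")
# DOS-style line: date, time, <DIR> or size, name.
DOS_RE = re.compile(
    r"^\d{2}-\d{2}-\d{2,4}\s+\d{2}:\d{2}(?:AM|PM)?\s+(?:<DIR>|\d+)\s+(.+)$", re.I)

def entry_names(listing):
    """Return the lower-cased entry names found in raw LIST output."""
    names = set()
    for line in listing.splitlines():
        m = UNIX_RE.match(line.strip()) or DOS_RE.match(line.strip())
        if not m:
            continue  # "total 12", blank lines, formats not handled here
        name = m.group(1).split(" -> ")[0].strip("/")  # drop symlink target
        if name not in (".", ".."):
            names.add(name.lower())
    return names

def classify(listing):
    """Return (level, names that triggered it); level None if nothing parsed."""
    names = entry_names(listing)
    if not names:
        return None, set()
    if names & SYSTEM_ROOT:
        return "hole", names & SYSTEM_ROOT
    unexpected = names - EXPECTED
    return ("hole", unexpected) if unexpected else ("warning", set())

# Constructed sample listings (not captured from any real server).
SAMPLE_UNIX = """total 12
drwxr-xr-x   2 root  root  4096 Dec 19  2004 .
lrwxrwxrwx   1 root  root     7 Dec 19  2004 bin -> usr/bin
drwxr-xr-x   2 root  root  4096 Dec 19  2004 etc
drwxr-xr-x   5 ftp   ftp   4096 Dec 19 17:54 pub"""
SAMPLE_DOS = """12-19-04  05:54PM       <DIR>          WINNT
12-19-04  05:54PM       <DIR>          pub
12-19-04  05:54PM                 1024 boot.ini"""

if __name__ == "__main__":
    for sample in (SAMPLE_UNIX, SAMPLE_DOS):
        print(classify(sample))
```

Here "warning" stands for the plugin's current report level and "hole" for the proposed escalation; the returned name set can go into the report text so the reader sees which entries triggered it.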
This archive was generated by hypermail 2.1.3 : Sun Dec 19 2004 - 17:54:48 PST