Re: [Plugins-writers] licencing

From: Renaud Deraison (deraison@private)
Date: Mon Dec 20 2004 - 01:49:41 PST

On Sun, Dec 19, 2004 at 05:35:33PM -0800, Don Kitchen wrote:
> Renaud Deraison <deraison@private> wrote:
> > > How do I know what license a plugin is under?
> > It's written at the top of the plugin.
> There are many plugins, for example the redhat local security checks, which
> have a Tenable copyright but no information at the top about the license.
> (Provided with the latest 2.2.2a version of nessus.)

See nessus-plugins/TENABLE_LICENSE.txt

> There seems to be a lot of confusion over licensing, and contracting
> information. For example an earlier post which asserted that nasl scripts
> are "linked" to the nasl libraries, and therefore are derivative works that
> must be licensed under the GPL. 

This is correct. However, since Tenable owns the code in libnasl, we
have the right to choose our own licensing.

> I'm not a lawyer but I do read Groklaw, and
> I don't subscribe to that opinion. I suspect that a lot of the activity that
> caused the licensing problem (i.e. what you said about companies regex-
> replacing the name Tenable with their own in the copyrights) is not a result
> of misunderstanding or ignorance of the GPL, but simple indifference and
> downright theft. I'm sure the community will stand behind you if you register
> a few of your copyrights and hit the major offenders with statutory damages
> on an infringement claim ($$$$$$), if it's as blatant as you say.

It is downright theft, especially since the scripts have never been
released under the GPL.

> Registered Feed: 7 day delayed paid feed relicensed under GPL. Purpose of
> contract is to ensure companies understand the rules of the GPL.

There's nothing to prevent redistribution at that point. These companies
do not breach the GPL, they simply defeat its spirit.

The GPL was written to empower the users, so that they can tweak the
software they use to better match their needs. Companies putting GPL
software on a closed system do NOT violate the GPL, they simply found a
loophole in it, and are exploiting it more than happily. This is why our
scripts are not GPL-licensed, and have never been.

> Now, on to the real reason I wanted to write. I noticed that the anonymous
> ftp plugin, which provides a directory listing if one is available, only
> registers a security warning. It seems to me that if a directory listing
> is found, (or to be really fancy, found with /WINNT or /boot, or maybe has
> anything besides /pub, /bin, /home, and /etc) that it should escalate to
> a security hole instead.

This warrants a separate plugin. I'll write it and put it under the GPL,

				-- Renaud