Package: nmap
Version: 7.91+dfsg1-1
Severity: serious
Justification: DFSG

(Please downgrade or close if I'm wrong about this. I saw on
guix-devel that nmap has a new license and they believe it's non-free,
which I agree with, but I'm no expert, and I'm just filing this bug to
have more eyes on the issue).

Dear maintainer,

The latest nmap is under a new license that seems to go against
DFSG § 1 (Free Redistribution), seems to be intended to go against
DFSG § 6 (No Discrimination Against Fields of Endeavor), and it
could also be argued that it goes against DFSG § 9 (License Must
Not Contaminate Other Software).

An annotated version of the license is available online here:
<https://nmap.org/npsl/npsl-annotated.html>

This line from the annotation is pretty clear:

| Proprietary vendors: This license does not allow you to redistribute
| Nmap source code or the executable for use with your software (stand
| alone or on an appliance). We do sell licenses which permit this,
| and also include support and updates. Dozens of software vendors
| already license Nmap technology such as host discovery, port
| scanning, OS detection, version detection, and the Nmap Scripting
| Engine. Contact sa...@nmap.com for a quote.

I did a cursory reading and the trouble mainly seems to come from the
section on derivative works, which has been extended beyond what is
commonly accepted in the community. "Licensor interprets that term
quite broadly," they write, and annotate it with this:

| The idea here is to prevent companies from using open source Nmap in
| their proprietary software or appliances. Some have in the past
| distributed Nmap executables as part of expensive proprietary
| products and refused to make the source available, claiming a
| loophole based on strange interpretations of the GPL definition of
| derivative and collective works. If companies take value from Nmap,
| they need to contribute back to the project and the open source
| community by either making their product/project compatible open
| source or buying a commercial license.

As an example, a proprietary program cannot, according to § 3 of NPSL
0.92, run nmap and parse the output. Even just reading nmap's data
files turns a program into a derivative work. I don't think our users
would accept us leaving such a copyright land mine in main.
