On Thu, Jul 11, 2024 at 11:45 AM David Cantrell <dcantr...@redhat.com> wrote: > > On 7/11/24 11:19 AM, Richard Fontana wrote: > > On Thu, Jul 11, 2024 at 10:30 AM Richard Fontana <rfont...@redhat.com> > > wrote: > >> > >> On Thu, Jul 11, 2024 at 10:05 AM David Cantrell <dcantr...@redhat.com> > >> wrote: > >>> > >>> Looking at Fedora now we have nmap-7.95 in Fedora 40 as an update and it > >>> has: > >>> > >>> License: LicenseRef-NPSL-0.94 > >> > >> Yes. This is erroneous because `LicenseRef-NPSL-0.94` inaccurately > >> referred to the license we are now calling `LicenseRef-NPSL-0.92` > >> (Callaway/Cotton "NPSL") but the license of Nmap changed several more > >> times in the progression to 7.95. > >> > >>> The exception is only for LicenseRef-Nmap and not these NPSL variants, > >>> right? Which means nmap will have to be removed? > >> > >> Yes, > > > > Actually the Nmap maintainer/licensor has informally offered to let > > Fedora continue to use `LicenseRef-Nmap` for 7.95 (if I understood > > what they were saying correctly) so that is a possibility. But clearly > > not a long-term solution. > > This idea makes me somewhat nervous. Why would Fedora get an exception and > not other distributors (or do other distributions also have exceptions)? And > what does that mean for the actual code or patches shared between > distributions? I think unless the license in the source actually changes, > taking this route would lead to problems. > > Do we know if upstream is open to discussing relicensing to a well-known and > established open source license that would still offer the protections and > guarantees they want? That may not be possible. Reading the LicenseRef-Nmap > license I see a contributor agreement, lots of restrictions on derived works > and how those are licensed, a patent grant, explicit permission to link with > OpenSSL (thanks!), the license is governed by the laws of the State of > Washington (ok, sure), an advertising clause if you set up a web site to > execute nmap and display results -but then- the very next block says you > don't have permission to use the trade names, trademarks, service marks, or > product names. > > Looking a bit further at Fedora downstreams, I do see that nmap is part of > RHEL. And has been since RHEL-3. Right now that's inherited via nmap's > inclusion in Fedora. If Fedora were to remove nmap, RHEL would have a > decision to make. I suppose that's fine, we are talking about Fedora here. > But we would at least want RHEL to be aware if that change were to happen.
All the distributors that asked got the exception. I believe at one point it was even publicly stated that everyone could do this without requesting it after so many asked. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue