On Thu, Jul 11, 2024 at 11:45 AM David Cantrell <dcantr...@redhat.com> wrote:
>
> On 7/11/24 11:19 AM, Richard Fontana wrote:
> > On Thu, Jul 11, 2024 at 10:30 AM Richard Fontana <rfont...@redhat.com> 
> > wrote:
> >>
> >> On Thu, Jul 11, 2024 at 10:05 AM David Cantrell <dcantr...@redhat.com> 
> >> wrote:
> >>>
> >>> Looking at Fedora now we have nmap-7.95 in Fedora 40 as an update and it 
> >>> has:
> >>>
> >>>     License: LicenseRef-NPSL-0.94
> >>
> >> Yes. This is erroneous because `LicenseRef-NPSL-0.94` inaccurately
> >> referred to the license we are now calling `LicenseRef-NPSL-0.92`
> >> (Callaway/Cotton "NPSL") but the license of Nmap changed several more
> >> times in the progression to 7.95.
> >>
> >>> The exception is only for LicenseRef-Nmap and not these NPSL variants, 
> >>> right?  Which means nmap will have to be removed?
> >>
> >> Yes,
> >
> > Actually the Nmap maintainer/licensor has informally offered to let
> > Fedora continue to use `LicenseRef-Nmap` for 7.95 (if I understood
> > what they were saying correctly) so that is a possibility. But clearly
> > not a long-term solution.
>
> This idea makes me somewhat nervous.  Why would Fedora get an exception and 
> not other distributors (or do other distributions also have exceptions)?  And 
> what does that mean for the actual code or patches shared between 
> distributions?  I think unless the license in the source actually changes, 
> taking this route would lead to problems.
>
> Do we know if upstream is open to discussing relicensing to a well-known and 
> established open source license that would still offer the protections and 
> guarantees they want?  That may not be possible.  Reading the LicenseRef-Nmap 
> license I see a contributor agreement, lots of restrictions on derived works 
> and how those are licensed, a patent grant, explicit permission to link with 
> OpenSSL (thanks!), the license is governed by the laws of the State of 
> Washington (ok, sure), an advertising clause if you set up a web site to 
> execute nmap and display results -but then- the very next block says you 
> don't have permission to use the trade names, trademarks, service marks, or 
> product names.
>
> Looking a bit further at Fedora downstreams, I do see that nmap is part of 
> RHEL.  And has been since RHEL-3.  Right now that's inherited via nmap's 
> inclusion in Fedora.  If Fedora were to remove nmap, RHEL would have a 
> decision to make.  I suppose that's fine, we are talking about Fedora here.  
> But we would at least want RHEL to be aware if that change were to happen.

All the distributors that asked got the exception. I believe at one
point it was even publicly stated that everyone could do this without
requesting it after so many asked.






--
真実はいつも一つ!/ Always, there's only one truth!
-- 
_______________________________________________
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to