From Jan-Oliver.Wagner at greenbone.net Fri Mar 27 12:09:22 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Fri, 27 Mar 2009 13:09:22 +0100
Subject: [Nikto-discuss] Nikto not fully GNU GPL?
Message-ID: <200903271309.25344.Jan-Oliver.Wagner@greenbone.net>

Hello,

I noticed that nikto is now in the non-free section in Debian.
I've not tracked the rationale fully yet. Is this license change intended by nikto or one of the
Debian habits due to possible misinterpretation?

Background of my question is that I would like to integrate
Nikto more tightly into OpenVAS in the way that the nikto databases
and nikto plugins are updated via the OpenVAS feed and ultimately
manageable via the OpenVAS-Client(s). Similar to how we support OVAL
via ovaldi. Of course this all makes only sense if nikto remains fully
Free Software.

All the best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From sullo at cirt.net Fri Mar 27 13:43:28 2009
From: sullo at cirt.net (Sullo)
Date: Fri, 27 Mar 2009 09:43:28 -0400
Subject: [Nikto-discuss] Nikto not fully GNU GPL?
In-Reply-To: <200903271309.25344.Jan-Oliver.Wagner@greenbone.net>
References: <200903271309.25344.Jan-Oliver.Wagner@greenbone.net>
Message-ID:

Hi Jan, thanks for the question. I'll try to explain as best I can.

> Is this license change intended by nikto or one of the
> Debian habits due to possible misinterpretation?

It is not a misinterpretation or a change in the Nikto license. Since version 1.0 of Nikto, the databases (software versions, tests, etc.) have *not* been licensed under the GPL--only the code portions are. There are a lot of arguments for and against this and I have, at times, changed my opinion--but the license has remained unchanged.

The primary reason for the restricted license is what I (and others) think is a pattern of abuse by companies with regard to OSS and other "free" resources. Many places feel that "free" (cost) means they can do *whatever* they would like with it, including using software/data as part of their own for-profit tools or even for direct resale. This is not the intent of the GPL, and never was my intent with Nikto.

Someone from Debian contacted me a while ago with concerns that Nikto was in the GPL portion of the source tree, but was not 100% compliant. I did not change the license but offered some suggestions (such as not packaging the databases, but allowing the user to run -update on first use), but in the end he decided to include it in the non-free portion of their source tree.

> Background of my question is that I would like to integrate
> Nikto more tightly into OpenVAS in the way that the nikto databases
> and nikto plugins are updated via the OpenVAS feed and ultimately
> manageable via the OpenVAS-Client(s). Similar to how we support OVAL
> via ovaldi. Of course this all makes only sense if nikto remains fully
> Free Software.

Ultimately the decision on exactly how Nikto integrates with OpenVAS is in your hands, however I fully support its integration as much and as tightly as possible.

The actual DB licenses in question read:

# This file may only be distributed and used with the full Nikto package.
# This file may not be used with any software product without written permission from CIRT, Inc.

Since you are actually calling Nikto (I assume that hasn't changed since the Nessus fork), condition #1 is technically satisfied. As for condition #2... I guess I need to better understand exactly what you have in mind, but I'm pretty confident we can work out the issue.

Let's take the discussion off-list after this, and I'll just post back when we have come to an agreement.

Regards,

Sullo

--
http://www.cirt.net | http://www.osvdb.org/