Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: GPL Clarification

from [M J] Network Security [Permanent Link]
Subject: Re: GPL Clarification
Date: Fri, 7 Jan 2005 09:47:44 -0800 (PST) 
Yes, this has been on the message board before,
however, I am not at all convinced we are getting
consistent information. 

1) There are a numerous amount of plugins the are
state GPL and use the sbm.inc file.

2) I ask Renuad about this and he states "some" are
GPL.

3) I mention three specfic plugins below. He states 
ssh_get_info.nasl and rpm.inc are not GPL. 

However, if you read below, you see Renuad replies a
"yes" to GPL on "some" of the smb_nt.... plugins. 

Also, these GPL plugins use smb_nt.inc.

4)Then you see this in CVS (how convienent on timing):
#####
CVS log for nessus-plugins/scripts/smb_nt.inc
Revision 1.76 / (view) - annotate - [select for diffs]
, Thu Jan 6 17:36:15 2005 UTC (22 hours, 58 minutes
ago) by renaud 
Branch: MAIN 
CVS Tags: HEAD 
Changes since 1.75: +4 -1 lines 
Diff to previous 1.75 
(C) clarification
#####

Does this "(C) clarification" now mean that the
smb.inc
cannot be used to produce GPL plugins?

--- M J <mjamja123@yahoo.com> wrote:


Renuad,

I see plugins using ssh_get_info that are GPL posted
by you in CVS.  So you get to cherry pick/decide
what
plugins are GPL? I know and respect that you have a
MAJORITY in the contribution to Nessus... Haven't
others though too? I see something horribly wrong in
your approach here...

Based on what I have read in GPLv2, I'm coming to
the
conclusion ANYTHING written in NASL should be GPL. A
plugin requires libnasl (which is 100% GPL'd) to
work
correctly or matter of fact to work at all...
Doesn't
that make EVERY plugin GPL (aka Derivative Work)? 

I've been reading GPLv2 over and over here...

It's funny, the ONLY license that came across prior
to
your Dec 7th change is GPLv2. Can you please direct
me
to the license (Pre Dec 7th) that that ACTUALLY
states
otherwise?

I'm sorry, I don't have a lawyer at my side. If I
did,
I wouldn't be asking you for direction on this
issue.
If it takes a lawyer to tell me what I can/can't do
with a supposed/kind of sorta GPL code...we'll
that's
just plain wrong. ESPECIALLY WHEN SOMEONE WANTS TO
APPROPRIATELY CONTRIBUTE TO THE PROJECT!!!

This comes from:


http://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic


I heard that someone got a copy of a GPL'ed program
under another license. Is this possible? 

The GNU GPL does not give users permission to attach
other licenses to the program. But the copyright
holder for a program can release it under several
different licenses in parallel. One of them may be
the
GNU GPL. The license that comes in your copy,
assuming
it was put in by the copyright holder and that you
got
the copy legitimately, is the license that applies
to
your copy. 

I would like to release a program I wrote under the
GNU GPL, but I would like to use the same code in
non-free programs. 

To release a non-free program is always ethically
tainted, but legally there is no obstacle to your
doing this. If you are the copyright holder for the
code, you can release it under various different
non-exclusive licenses at various times. 



--- Renaud Deraison <deraison@nessus.org> wrote:


On Wed, Jan 05, 2005 at 06:52:03AM -0800, M J

wrote:


Hi,


The reason i'm a bit confused here is becuase

you

have

certain plugins (smb_nt_....) that have the

exact

same

code (actual test code not description), however

have

different copyrights and none have the mention

of

GPL.

Based on what I read in GPLv2, I see that kind

of

plugin is a GPL plugin, correct?


Some plugins are released under the GPL, so yes.


My primary concern...
If I write a Fedora check and use the

ssh_getinfo.nasl

and the rpm.inc, do you consider that a GPL

plugin?

ssh_get_info.nasl is not under the GPL. Also if

you

use rpm.inc, you use
Tenable code, so at that point you probably want

to

see with your lawyer
regarding the legality of using the file.


                    -- Renaud





              
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard.

http://promotions.yahoo.com/new_mail 
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus





                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Valid "Empy report" messages?, Erin Carroll
Next by Date:  nessus-update-plugins issue on Solaris X86 Platform, Fred Chi
Previous by Thread:  Re: GPL Clarification, Michel Arboi
Next by Thread:  RE: GPL Clarification, Chris Vaughan
Indexes:  [Date] [Thread] [Top] [All Lists]