DMCA
DMCA
Posted Dec 6, 2011 23:18 UTC (Tue) by cmccabe (guest, #60281)In reply to: DMCA by corbet
Parent article: C|Net Download.Com accused of bundling Nmap with malware
It's GPLv2, but with some additional provisions:
> To avoid misunderstandings, we consider an application to constitute a
> derivative work for the purpose of this license if it does any of
> the following:
>
> Integrates source code from Nmap
>
> Reads or includes Nmap copyrighted data files, such as nmap-os-db or
> nmap-service-probes.
>
> Executes Nmap and parses the results (as opposed to typical shell or
> execution-menu apps, which simply display raw Nmap output and so are not
> derivative works.)
>
> Integrates/includes/aggregates Nmap into a proprietary executable
> installer, such as those produced by InstallShield.
>
> Links to a library or executes a program that does any of the above.
I mean technically, when you run nmap on Windows, the Windows kernel is loading the nmap binary, which is an nmap-copyrighted file, and executing that binary. "Parsing the results" is a poorly defined term, but it seems clear that there is a back and forth flow of data between the kernel and nmap. Does that mean using nmap on Windows in the first place is a copyright violation? Or if you run nmap in a non-GPLv2 shell and pipe it to grep, is that a license violation? Also, arguably this is an "additional restriction" which the GPL forbids.
I don't think it's even possible to redefine what a "derived work" is inside your license. Isn't that a fundamental part of copyright law, defined in 17 U.S.C. § 101?
These guys sure do know security inside and out, but I'm not optimistic about how well this particular license would hold up in court.
The trademark violation, on the other hand, seems a lot more clear-cut. They should just enforce their trademark. Of course, then Debian will declare it non-free and come out with IceWeaselMap... but that's ok :)
Posted Dec 7, 2011 1:09 UTC (Wed)
by ewan (guest, #5533)
[Link] (6 responses)
No, it GPLv2 plus one exception for OpenSSL. The 'clarifications' are just information about how the authors interpret the phrase 'derived work'. Their interpretation may or may not be correct, but they're not saying that you have to accept their interpretation to get a licence, they're just telling you what it is.
I mean technically, when you run nmap on Windows, the Windows kernel is loading the nmap binary, which is an nmap-copyrighted file, and executing that binary.
You can run GPLv2 software on a proprietary OS - standard OS components are specifically exempted.
I don't think it's even possible to redefine what a "derived work" is inside your license. Isn't that a fundamental part of copyright law, defined in 17 U.S.C. § 101?
US law doesn't hold everywhere, of course, but you're right - the term means what it means, it cannot be redefined, and isn't being.
I'd have thought that the obvious GPL claim here would be that the file that CNet are distributing is clearly a derived work ('interesting' interpretations of that term not withstanding), and so they cannot distribute it unless they make the source to their malware available under the GPL as well.
Posted Dec 7, 2011 7:18 UTC (Wed)
by jku (subscriber, #42379)
[Link] (1 responses)
Posted Dec 7, 2011 11:03 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
So this "clarification" may not stand up in a court of law, but it places distributors on clear notice as to the copyright holder's understanding of the law.
If a term is legally ambiguous, but the defendant knew up-front the interpretation the plaintiff placed on it, then the defendant cannot argue "innocent mistake". They *have* to argue "plaintiff is wrong", which is a lot harder. The "as I understand the law" defence is a lot harder if the plaintiff says "but I told you that's not the way I understand it".
Cheers,
Posted Dec 7, 2011 10:14 UTC (Wed)
by Los__D (guest, #15263)
[Link] (1 responses)
No, it GPLv2 plus one exception for OpenSSL. The 'clarifications' are just information about how the authors interpret the phrase 'derived work'. Their interpretation may or may not be correct, but they're not saying that you have to accept their interpretation to get a licence, they're just telling you what it is. Fyodor doesn't agree with you (even though I do):
Posted Dec 7, 2011 11:35 UTC (Wed)
by ewan (guest, #5533)
[Link]
Posted Dec 7, 2011 19:12 UTC (Wed)
by cmccabe (guest, #60281)
[Link] (1 responses)
> You can run GPLv2 software on a proprietary OS - standard OS components
Good point.
Clearly the malware needs to patch the OS somehow during the install, so that they can legally be in the clear. Microsoft toolbar / nmap parser kernel module, anyone?
People really have to learn to stop downloading from shady third-party repositories... just don't do it.
Posted Dec 7, 2011 22:25 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link]
The more certain you are that organisation (or person) X won't abuse your trust of them, the more valuable it is for X to sell you out to the bad guys, or if X won't sell, the more valuable it is to impersonate X by any means necessary.
Posted Dec 7, 2011 9:59 UTC (Wed)
by gidoca (subscriber, #62438)
[Link]
Posted Dec 7, 2011 14:45 UTC (Wed)
by fuhchee (guest, #40059)
[Link]
That's fine, but the concept of "derivative work" is not up to the fashions of the developer, but up to law.
It's GPLv2, but with some additional provisions:
DMCA
Fyodor doesn't seem to agree with you. I have no idea how that would work but he quite clearly believes the clarifications are part of the license.
DMCA
DMCA
Wol
DMCA
This is exactly why Nmap isn't under the plain GPL.
Our license (http://nmap.org/book/man-legal.html) specifically adds a
clause forbidding software which "integrates/includes/aggregates Nmap
into a proprietary executable installer" unless that software itself
conforms to various GPL requirements (this proprietary C|Net
download.com software and the toolbar don't).DMCA
DMCA
> > is loading the nmap binary, which is an nmap-copyrighted file, and
> > executing that binary.
> are specifically exempted.
DMCA
DMCA
DMCA