Re: New script - http-favicon.nse

[Sullo <sullo () cirt net>]

First off let me say I'm happy to contribute the current db signatures
to nmap's nse script for this--permission is granted from me/CIRT, Inc.,
for the database as it exists today (version 2.003). The restricted
license on Nikto's db files is to prevent commercial abuses of the
datbases, and several people can attest that I've allowed them to be
used (with permission) in other OSS projects.

**********************

However, I wanted to comment on a few messages that I read here that
have a bit of a cavalier attitude towards respecting licenses.

> > > Maybe they are willing to contribute it to nmap?
> > I'd say it is likely, though it is probably unecessary.

I'm not sure how to take that. Licenses must be respected--so it is
definitely necessary. It doesn't matter if the license is OSS or
something really draconian--it needs to be followed (or challenged in
court, I guess!).

> Well, I just fired off an email to a friend of mine who contributed
the hash information to Nikto and Nessus, and he said it was fine
> to use them. I'll have him post directly to the list if that'll help.

To be clear, that only applies to what he originally sent. He can't
grant relicense to Nikto or Nessus data directly. Since I know that more
than one person has contributed to Nikto's, that means not all of them
(but see above).

**********************

As I said from the start, I'm happy to contribute and am glad the
licensing discussion came up, but I want everyone to recognize that just
because something is open source/gpl for the code, it does not mean the
same applies to databases. Additionally, even if it *is* oss/gpl, it
does not mean licenses can be ignored. Maybe I'm reading too much into
the mails?

Anyway, sorry this was a bit OT.

Regards,
Sullo


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org