[Openvas-commits] r494 - trunk/openvas-plugins/audit

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 31 22:30:28 CET 2007

Author: jfs
Date: 2007-10-31 22:30:28 +0100 (Wed, 31 Oct 2007)
New Revision: 494

More information on plugin's licenses

Modified: trunk/openvas-plugins/audit/NOTES
--- trunk/openvas-plugins/audit/NOTES	2007-10-31 21:30:13 UTC (rev 493)
+++ trunk/openvas-plugins/audit/NOTES	2007-10-31 21:30:28 UTC (rev 494)
@@ -1,6 +1,41 @@
-Files that need to be removed from the plugins:
+From the licenses/README.txt of the Nessus plugins distribution:
+Nessus plugins are released under the following licenses :
+- Every plugin copyrighted "Tenable Network Security" is released under
+the terms of the Tenable License (Tenable_License.txt)
+- The plugin os_fingerprint.nasl is released under a BSD-like license
+(see os_fingerprint_license.txt)
+- Every other plugin is released under the version 2 of the GNU General
+Public License (GPLv2.txt)
+These NOTE does not mention, however, that the "Nessus Script License" which
+some plugins held (and still hold) is, and has always been, equivalent to the
+GPL v2 license (the license with which the plugins file was initially
+Take in account that some Nessus releases (previous to the creation of the
+non-free Feed, in 2.2.3) there were plugins which were "(C) Tenable" but were
+included in a distribution package that *only* included the GPL license. Some
+of these plugins have since been removed from the GPL feed so we consider them
+non-free although the retroactive relicensing of a distributed software is
+somewhat dubious.
+In later releases (indeed, up to 2.10) some plugins which were originally GPLd
+and written by people not associated by Tenable were rewritten from scratch by
+Tenable and were licensed only under the "Tenable License". Also, some other
+(GPL) plugins were modified to make them depend (through the use of 'includes')
+on non-free (i.e. Tenable-licensed) include files (for example the
+'snmp_default_communities.nasl' plugin, which is a basic network vulnerability
+The following files need to be removed from the plugins:
 - Files that fit the following regular expressions:
   grep -i  "script_copyright.*Tenable.*" *
@@ -16,3 +51,12 @@
   NOTE: Once the non-free .inc files have been removed the audit script should
   detect those too
+- In some cases an older version of the plugin might be found in previous
+  Nessus releases. These plugins might:
+    - hold a different copyright ownership (not Tenables)
+    - not depend on include files
+  When appropiate, restore the old plugin version instead of just removing
+  the non-free one available.

More information about the Openvas-commits mailing list