Hi Jan, thanks for the question. I'll try to explain as best I can.<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Is this license change intended by nikto or one of the<br>
Debian habits due to possible misinterpretation?<br>
</blockquote><div><br>It is not a misinterpretation or a change in the Nikto license. Since version 1.0 of Nikto, the databases (software versions, tests, etc.) have *not* been licensed under the GPL--only the code portions are. There are a lot of arguments for and against this and I have, at times, changed my opinion--but the license has remained unchanged. The primary reason for the restricted license is what I (and others) think is a pattern of abuse by companies with regard to OSS and other "free" resources. Many places feel that "free" (cost) means they can do *whatever* they would like with it, including using software/data as part of their own for-profit tools or even for direct resale. This is not the intent of the GPL, and never was my intent with Nikto.<br>
<br>Someone from Debian contacted me a while ago with concerns that Nikto was in the GPL portion of the source tree, but was not 100% compliant. I did not change the license but offered some suggestions (such as not packaging the databases, but allowing the user to run -update on first use), but in the end he decided to include it in the non-free portion of their source tree. <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Background of my question is that I would like to integrate<br>
Nikto more tightly into OpenVAS in the way that the nikto databases<br>
and nikto plugins are updated via the OpenVAS feed and ultimately<br>
manageable via the OpenVAS-Client(s). Similar to how we support OVAL<br>
via ovaldi. Of course this all makes only sense if nikto remains fully<br>
Free Software.</blockquote><div><br>Ultimately the decision on exactly how Nikto integrates with OpenVAS is in your hands, however I fully support its integration as much and as tightly as possible. <br><br>The actual DB licenses in question read:<br>
# This file may only be distributed and used with the full Nikto package. <br># This file may not be used with any software product without written permission from CIRT, Inc. <br><br>Since you are actually calling Nikto (I assume that hasn't changed since the Nessus fork), condition #1 is technically satisfied. As for condtion #2... I guess I need to better understand exactly what you have in mind, but I'm pretty confident we can work out the issue. <br>
<br>Lets take the discussion off-list after this, and I'll just post back when we have come to an agreement.<br><br>Regards,<br>Sullo<br clear="all"></div></div><br>-- <br><br><a href="http://www.cirt.net">http://www.cirt.net</a> | <a href="http://www.osvdb.org/">http://www.osvdb.org/</a><br>