For now, nmap has applied its v7.80 license to v7.90 and v7.91.

Source: https://github.com/nmap/nmap/issues/2199

I don't know whether the Arch package has updated to this or uses the license considered proprietary, however. A repackage using the v7.80 license on v7.91 may be required.

The v7.80 license was not the GNU GPLv2, as everyone presumably thought it was; it was actually a custom license derived from the GPL2.

I don't know if anyone has actually audited that custom v7.80 license to ensure it is free, although nobody has seemingly noticed it wasn't GPL2 for years.

nmap also seems to be planning to switch to a different license in the future.

at this point, its not important what arch does - the FSF has
made an explicit request, that we hold at v7.80 until they make
a decision

people have noticed now, that most of the problems with the new
license, were present in the original license too - it may turn
out that parabola should never have had nmap in the first place

this issue has languished too long - i sent a message to the FSDG and FSD mailing lists, and to the FSF licensing team - nmap has been effectively removed from the FSD since january, with this notice:

This software has failed the license review due to a defect in
the official license. We hid the page to prevent accidental
downloads of non-free code while we investigate the issue.

if no formal conclusion is reached soon, i suggest that we blacklist it

https://lists.nongnu.org/archive/html/gnu-linux-libre/2021-07/msg00000.html
https://lists.gnu.org/archive/html/directory-discuss/2021-07/msg00005.html
FSF licensing RT ticket: [gnu.org #1739058]

It's blacklist time :(

Bump:

I think nmap should be blacklisted.
This is a terrible situation; the gnu-linux-libre mailing list shows no sign of even discussing the issue any time soon, upstream doesn't seem to be doing anything about the issue, and worst of all, people have been using a program for years which might have actually been proprietary all along.

I see no reason to keep it around until these issues are at least properly addressed, let alone fixed.

Perhaps we need to raise awareness of the issue in order to inspire enough momentum and motivation for the issue to be fixed.

thanks for reminding - it has been over a year now - i asked about it on the FSDG and FSD mailing lists, and in a direct ticket against the FSF licensing team - there has been no response to any of those inquiries - the FSF has effectively refused to make a decision on the matter, nor to speak of it

in brief, the license is a modified GPL; so the FSF, as the original author of that license, could decide this matter with absolute authority - but for some reason, we are left to decide, each for ourselves, if such a mutant GPL is still libre

i believe that FSDG distros should not be deciding such objective matters, subjectively; but my patience has been exhausted on the matter, and my confidence in the FSF to manage the FSDG is severely damaged as a result - until the FSF has a stable licensing officer again, the only conclusion, is that FSDG distros are on their own, WRT all matters libre, after the initial endorsement - on that unfortunate presumption, i just made the decision for parabola - i personally believe that the NMAP license is non-free; so i deleted it from the parabola system - RIP nmap

i sincerely wish that my personal beliefs were not a relevant factor in such decisions; but the next time i am asked, at least i will have a definitive answer to give now

Shouldn't the libre/nmap package be deleted?

RIP indeed; I have used it in the past under the illusion that it was free. I distinctly remember wanting to map a network with someone else, making a point of checking if it was free before I installed it, in order to demonstrate that freedom matters. I think I found the Wikipedia page which repeated what we now know to be a mistake: that it was licensed under the GNU GPL2, despite it actually being licensed under a derivative of that license which has a worrying probability of actually being proprietary all along.

Needless to say, I don't trust Wikipedia for checking licenses any more, especially after seeing the sheer number of so-called "open source" packages which are actually partially nonfree, or otherwise useless in the free world for one reason or another, piled up in the blacklist.

Looks like I'll have to find a replacement for nmap.

yes the PKGBUILD will go away also - i have several changes to ablibsre in the pipe now

I just noticed nmap-debug will need to be removed, as will vulscan, which depends on nmap. The latter also includes no license file installed on the system, but lists the sources for the data in its readme. From a quick glance I couldn't see any license information for a couple of the databases it includes.

vulscan would not install a license because the license is 'GPL'

any license ID which matches a directory name under /usr/share/licenses/common/, does not need to install a license file