NMAP is incompatible with Fedora due to its license

The Fedora project team recently released your analysis of the NPSL license to which the network security scanner was recently changed Nmap and concluded that it does not meet the requirements code license for use with the distribution.

Therefore, new versions of Nmap and other packages with NPSL licensed components cannot be included in the official Fedora, EPEL, and COPR repositories.

The reason is the presence in version 0.92 of the license of an article that discriminates against certain categories of users, that is, this license does not meet the open source criteria defined by the OSI (Open Source Initiative).

After review, Fedora has determined that the public source for Nmap
License (NPSL) Version 0.92 is not acceptable for use on Fedora. We
we have updated our "Bad License" list to include NPSL. No software
under that license can be included in Fedora (including EPEL and

The license includes restrictions on "proprietary software companies",
which is an effort restriction field contrary to Open Source.
If future versions of the NPSL are released,

be reevaluated for use in Fedora.

En particular, the NPSL defines restrictions on the use of the code by companies that release proprietary software. In the event that an updated version of the NMAP license is released, Fedora representatives promised to retest and remove the license from the ban list for use in Fedora if the noted deficiencies are corrected in the new version.

All this derives, because Nmap was originally shipped with a modified GPLv2 license, but to as of version 7.90 release which was released in October, Nmap switched to a new NPSL license (Nmap Public Font License).

And even though NPSL is also based on GPLv2, it is better structured, it is clearer and includes exceptions and additional conditions, it is not accepted in the Fedora project.

Differences with licenses traditional doubles boil down to the fact that the GPL + commercial license does not prohibit free use of the GPL code in patented products, it requires compliance with the GPL license, that is, opening the code of modified and related components and this is something that is not marked in NPSL.

Although on the other hand the license offers the possibility of using Nmap code in products with licenses incompatible with GPL after obtaining the permission of the author. NPSL also specifies the need for separate licenses when shipping or using Nmap as part of a proprietary product.

It should also be noted that other distributions are already analyzing the case after Fedora's decision to not include NMAP in its repositories was made public. Meanwhile on Arch Linux have already started talking about it:

It appears that nmap is being distributed under a new license as of version 7.90. The Arch package is marked as GPL2, which was never correct because it used a modified version before. The folks at Fedora have determined the license is not free / not OSD compliant due to ambiguous text (not entirely sure how much this affects Arch). The nmap website states that it has not been certified because it requires an attorney. 
The package should at least be updated to reflect this new license.

Furthermore, on Gentoo they don't seem to have any problem about it:

NPSL is not currently in any of the free license pools. Doing a quick research, it appears to be a similar license to the GPL-2 +. I have not done a review of the differences, but I have never heard that nmap is not free or controversial (and the general rule: "Debian distributes it so they seem to be fine with it and think it is a good license").

Finally If you want to know more about it about the noteyou can check the details on the Fedora project mailing lists.

The link is this. 

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

A comment, leave yours

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   i dont have xD said

    "NPSL is not currently in any of the free license groups"
    How much more are they going to maim Free Software?