Bugzilla – Bug 1211571
nmap non-OSI approved "Nmap Public Source License" NPSL
Last modified: 2024-01-27 12:19:27 UTC
The nmap package spec specifies "GPL-2.0-or-later". This is clearly wrong. The current packages are licensed under a "Nmap Public Source License". Specifically it which contains restrictions and has not received an OSI compliance review. Additionally the project regularly updates the license terms.

So I think we need to do the following:

1. NOT specify an incorrect license. Whether free or not, the license is neither GPL-2.0, nor compatible with it. We could use the "LicenseRef-" prefix or "SUSE-)
* SUSE:SLE-15-SP4:GA/nmap (7.92) --> "LicenseRef-NPSL-0.93"
* openSUSE:Factory/nmap (7.93) --> "LicenseRef-NPSL-0.93"
* nmap 7.94 --> "LicenseRef-NPSL-0.95"

2. Clarify non-free concerns. The "Proprietary software companies" restrictions read like making this license non-free. We should talk to legal, or simply move nmap to :NonFree to avoid while this license gets an OSI review.

References:
https://nmap.org/npsl/
https://lwn.net/Articles/842436/

---

https://nmap.org/changelog.html#7.94

Updated the Nmap Public Source License (NPSL) to Version 0.95. This just clarifies that the derivative works definition and all other license clauses only apply to parties who choose to accept the license in return for the special rights granted (such as Nmap redistribution rights). If a party can do everything they need to using copyright provisions outside of this license such as fair use, we support that and aren't trying to claim any control over their work. Versions of Nmap released under previous versions of the NPSL may also be used under the NPSL 0.95 terms.

From https://nmap.org/changelog.html#7.92

Updated Nmap's NPSL license to rewrite a poorly-worded clause about "proprietary software companies". The new license version 0.93 is still available from https://nmap.org/npsl/. As described on that page, we are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap 7.80 license. Finally, we still offer the Nmap OEM program for companies who want a non-copyleft license allowing them to redistribute Nmap with their products at https://nmap.org/oem/.

https://nmap.org/changelog.html#7.90

Upgraded the Nmap license from a sort of hacked-up version of GPLv2 to a cleaner and better organized version (still based on GPLv2) now called the Nmap Public Source License to avoid confusion. See https://nmap.org/npsl/ for more details and annotated license text. This NPSL project was started in 2006 (community discussion here: https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for 7 years until it was restarted in 2013 (https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted by development again. We still have some ideas for improving the NPSL, but it's already much better than the current license, so we're applying NPSL Version 0.92 to the code now and can make improvements later if needed. This does not change the license of previous Nmap releases.
Apparently the NPSL 0.95 is supposed to address some concerns: https://github.com/nmap/nmap/issues/2199 https://github.com/nmap/nmap/commit/d0a8fb0f304aa08e3408de31073dfdf647af4d60 But that does not solve the fundamental problem.
This is an autogenerated message for OBS integration: This bug (1211571) was mentioned in https://build.opensuse.org/request/show/1088263 Factory:NonFree / nmap
Looks like 7.92 is the last dual-licensed version, so stable distribution releases are not affected.
This is an autogenerated message for OBS integration: This bug (1211571) was mentioned in https://build.opensuse.org/request/show/1088986 Factory:NonFree / nmap
This is an autogenerated message for OBS integration: This bug (1211571) was mentioned in https://build.opensuse.org/request/show/1089621 Factory:NonFree / nmap
This is an autogenerated message for OBS integration: This bug (1211571) was mentioned in https://build.opensuse.org/request/show/1140091 Factory:NonFree / nmap
assuming tests need to run w/o nmap, these need fixing: https://github.com/search?q=repo%3Aos-autoinst%2Fos-autoinst-distri-opensuse%20nmap&type=code
SR#1140090 deleted package openSUSE:Factory/nmap
The package fails to build due to unknown license string. I think LicenseRef-NPSL-0.95 needs to be added to SPDX
https://github.com/spdx/license-list-XML/pulls
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md
I changed it to "SUSE-NonFree" https://build.opensuse.org/request/show/1141454
$ zypper search -t package -s --match-exact nmap
Loading repository data...
Reading installed packages...

S  | Name | Type    | Version  | Arch   | Repository
---+------+---------+----------+--------+----------------------------
i+ | nmap | package | 7.94-2.1 | x86_64 | openSUSE-Tumbleweed-Non-Oss

$ rpm -q --queryformat "%{LICENSE}\n" nmap
SUSE-NonFree