[Openvas-commits] r3348 - trunk/doc/website

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed May 13 09:26:14 CEST 2009


Author: mwiegand
Date: 2009-05-13 09:26:14 +0200 (Wed, 13 May 2009)
New Revision: 3348

Added:
   trunk/doc/website/openvas-cr-32.htm4
Modified:
   trunk/doc/website/openvas-crs.htm4
Log:
Added CR #32.


Added: trunk/doc/website/openvas-cr-32.htm4
===================================================================
--- trunk/doc/website/openvas-cr-32.htm4	2009-05-13 07:01:46 UTC (rev 3347)
+++ trunk/doc/website/openvas-cr-32.htm4	2009-05-13 07:26:14 UTC (rev 3348)
@@ -0,0 +1,168 @@
+m4_dnl -*-html-*-
+m4_include(`template.m4')
+
+m4_dnl OpenVAS
+m4_dnl $Id$
+m4_dnl Description: OpenVAS Change Request #32
+m4_dnl
+m4_dnl Authors:
+m4_dnl Michael Wiegand <michael.wiegand at intevation.de>
+m4_dnl
+m4_dnl Copyright:
+m4_dnl Copyright (C) 2009 Intevation GmbH
+m4_dnl
+m4_dnl This program is free software; you can redistribute it and/or modify
+m4_dnl it under the terms of the GNU General Public License version 2,
+m4_dnl as published by the Free Software Foundation.
+m4_dnl
+m4_dnl This program is distributed in the hope that it will be useful,
+m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+m4_dnl GNU General Public License for more details.
+m4_dnl
+m4_dnl You should have received a copy of the GNU General Public License
+m4_dnl along with this program; if not, write to the Free Software
+m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PAGE_START
+<h2>OpenVAS Change Request #32: Discontinuing the tarball releases of openvas-plugins</h2>
+
+<p>
+Status: In discussion.
+</p>
+
+<h3>Purpose</h3>
+
+<p>
+To minimize potential conflicts in the server cache.
+</p>
+
+<p>
+To create additional methods for feed synchronization.
+</p>
+
+<p>
+To reduce the complexity of installing OpenVAS.
+</p>
+
+<h3>References</h3>
+
+<p>
+<a href="http://lists.wald.intevation.org/pipermail/openvas-devel/2009-April/001468.html">Discussion on openvas-devel</a>
+</p>
+
+<h3>Rationale</h3>
+
+<p>
+Currently the OpenVAS test routines ("NVTs", "plugins") are pubslished
+in two ways:
+</p>
+
+<ol>
+<li> Through releases of the openvas-plugins module as a tarball, without
+signatures.
+<li> Through security feeds like the <a href="nvt-feeds.html">OpenVAS NVT
+Feed</a>, with signatures.
+</ol>
+
+<p>
+Due to certain effects of the feed synchronization script, a race condition in
+the server cache is possible if the cache has been generated after a tarball
+installation (or a package installation on a distribution) has taken place, but
+before the local plugin collection has been synced with a security feed. The
+result of this race condition is that the server will use outdated cached
+versions of plugins that have changed in the feed instead of the updated
+version.
+</p>
+
+<p>
+A workaround for the synchronization script has been tried, but resulted in
+disproportionately increasing the time and bandwidth needed to synchronize with
+the feed.
+</p>
+
+<p>
+Furthermore, the current synchronization script relies exclusively on rsync
+being available and being able to connect to the feed server. Especially in
+restricted environments, this may not always be the case.
+</p>
+
+<h3>Suggested Changes</h3>
+
+<p>
+Since the openvas-plugins tarball release does have potential negative side
+effects and is of limited usefulness on its own (all users will probably use a
+synchronization script anyway after installation), this Change Request proposes
+the discontinuation of releases of the openvas-plugins tarball. The parts of the
+openvas-plugins tarball which are not present in the feed (namely, the C based
+plugins and the synchronization script) will be moved to the openvas-server
+package.
+</p>
+
+<p>
+To enable feed synchronization even in restrictive environments, the
+synchronization script should be able to fall back to alternative
+synchronization methods in case synchronization with rsync is not possible. For
+this to be possible, the feed contents have to be made available through other
+protocols (e.g. HTTP, FTP) as well.
+</p>
+
+<h3>Effects</h3>
+
+<p>
+The openvas-plugins module will no longer be released.
+</p>
+
+<p>
+After a server installation, it will be necessary to do an intial
+synchronization with a feed before the server is started for the first time.
+Otherwise, the server will only display no or very few NVTs.
+</p>
+
+<p>
+The feed synchronization script will become more robust and will be able to
+synchronize with the feed even in restrictive networks.
+</p>
+
+<h3>Design and Implementation</h3>
+
+<p>
+There will be final openvas-plugins release. A test will be added to the
+configure environment to make sure it will not install in case openvas-server >=
+2.1.0 is installed, and notify the user that from openvas-server >= 2.1.0 on
+openvas-plugins is not needed anymore.
+</p>
+
+<p>
+The synchronization script and the remaining C-plugins will be moved to
+openvas-server.
+</p>
+
+<p>
+After installation of openvas-server, the user will be notified that he or she
+has to synchronize with a feed service to make openvas-server operational.
+</p>
+
+<p>
+The openvas-server version will be increased to 2.1.0 to indicate
+the change. openvas-server will conflict with any installed openvas-plugins
+module.
+</p>
+
+<p>
+The feed update mechanism will be changed to make the feed available through
+transfer methods beyond rsync as well.
+</p>
+
+<p>
+The synchronization script will be modified to fall back on alternative methods
+in case the synchronization is not possible via rsync.
+</p>
+
+<h3>History</h3>
+
+<ul>
+<li> 2009-05-13 Michael Wiegand &lt;michael.wiegand at intevation.de&gt;:<br>
+     Initial text.</li>
+</ul>
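
Review bot: The "Design and Implementation" paragraphs on offering the feed through transfer methods beyond rsync and on the script's fallback do not say whether the feed signatures are transferred and checked when a fallback transport (HTTP, FTP) is used. The Rationale distinguishes the feed from the tarball by its signatures, so the text should state that signature verification applies regardless of transfer method and that content failing verification is not installed. Wording to fix in the same pass: "pubslished", "intial", "There will be final openvas-plugins release" (missing "a"), and "will only display no or very few NVTs". The two <li> items in the Rationale <ol> are left unclosed while the History <li> is closed, and the bare ">=" could be written "&gt;=" to match the escaped "&gt;" used in History.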

Modified: trunk/doc/website/openvas-crs.htm4
===================================================================
--- trunk/doc/website/openvas-crs.htm4	2009-05-13 07:01:46 UTC (rev 3347)
+++ trunk/doc/website/openvas-crs.htm4	2009-05-13 07:26:14 UTC (rev 3348)
@@ -75,6 +75,7 @@
 <li> <a href="openvas-cr-29.html">OpenVAS Change Request #29: OpenVAS Unified Logging</a> (in discussion)
 <li> <a href="openvas-cr-30.html">OpenVAS Change Request #30: OpenVAS Configuration Management Protocol (OCP)</a> (in discussion)
 <li> <a href="openvas-cr-31.html">OpenVAS Change Request #31: OpenVAS-Server: Remove support for plaintext password storage</a> (in progress)
+<li> <a href="openvas-cr-32.html">OpenVAS Change Request #32: Discontinuing the tarball releases of openvas-plugins</a> (in discussion)
 </ul>
 
 <h3>How to write a change request</h3>
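
Review bot: The "(in discussion)" status on the added <li> line repeats the "Status: In discussion." paragraph in openvas-cr-32.htm4, so both files have to be edited whenever the CR changes state. Since template.m4 is already included, consider defining the status once as a macro and expanding it in both places, or at least make sure the index entry is updated in the same commit as any later status change.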


