[Openvas-commits] r11909 - trunk/doc/website

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Nov 1 12:14:28 CET 2011


Author: jan
Date: 2011-11-01 12:14:28 +0100 (Tue, 01 Nov 2011)
New Revision: 11909

Modified:
   trunk/doc/website/openvas-cr-59.htm4
Log:
CR59:
Changed implementation concept regarding legacy options. In fact these are not
necessary at all and we save once change process of all NVTs.
Thanks for Thomas Reinke for this idea.


Modified: trunk/doc/website/openvas-cr-59.htm4
===================================================================
--- trunk/doc/website/openvas-cr-59.htm4	2011-10-31 19:07:36 UTC (rev 11908)
+++ trunk/doc/website/openvas-cr-59.htm4	2011-11-01 11:14:28 UTC (rev 11909)
@@ -73,11 +73,14 @@
 <h3>Effects</h3>
 
 <p>
-Replacing security_hole, security_warning and security_note by security_warning
-would mean to break compatibility with all release upto OpenVAS-4.
-Of course temporary legacy handling could be applied.
+No immediate effect for OpenVAS-4 users nor for NVT developers.
 </p>
 
+<p>
+After OpenVAS-4 is retired, NVT developers don't need to consider
+different severity message types anymore.
+</p>
+
 <h3>Design and Implementation</h3>
 
 <p>
@@ -86,19 +89,18 @@
 
 <p>
 As a first step the NASL method security_message() is added.
+However, there is no immediate need to use this function already now.
+In fact it should not be used at all until OpenVAS-4 is retired.
+Then, in one go, all security_note, security_warning and security_hole
+can be renamed to security_message in all of the NVTs.
 </p>
 
 <p>
-The new message can be added to NVTs by using "if defined_func()" and
-call the old functions alternatively.
+For OpenVAS-5, internally the functions security_hole, security_warning
+and security_note are mapped to security_message.
 </p>
 
 <p>
-Once OpenVAS-4 is retired, the all NVTs of the feed can be changed
-to use security_message() only and remove the legacy part.
-</p>
-
-<p>
 It needs to be decided whether the Scanner will add the CVSS
 when a security_message is sent or wether it is entirely left
 to the client (the Manager) and add the CVSS when receiving
@@ -119,9 +121,19 @@
 It is unclear yet whether this is really needed in practice.
 </p>
 
+<p>
+After OpenVAS-4 retired, all (semi-)automated NVT creation needs to be adapted
+to only apply security_message().
+</p>
+
 <h3>History</h3>
 
 <ul>
+  <li> 2011-11-01 Jan-Oliver Wagner &lt;jan-oliver.wagner at greenbone dot net&gt;:<br/>
+    Changed implementation concept regarding legacy options. In fact these are not
+    necessary at all and we save once change process of all NVTs. Thanks for Thomas Reinke
+    for this idea.
+  </li>
   <li> 2011-10-30 Jan-Oliver Wagner &lt;jan-oliver.wagner at greenbone dot net&gt;:<br/>
     Initial text.
   </li>



More information about the Openvas-commits mailing list