[openvas-discuss] OpenVAS DevCon 1 write up

Javier Fernández-Sanguino Peña jfs at computer.org
Wed Apr 5 20:13:05 CEST 2006


On Fri, Mar 31, 2006 at 02:33:38AM +0100, Tim Brown wrote:
> All,
> 
> Last weekend, the developers of OpenVAS met in Germany to hack code and 
> discuss how OpenVAS was progressing.  The report from this conference is 
> now - http://www.openvas.org/doku.php?id=devcon_1_write_up - available.  

A few random comments:

- it's not GNU/Debian. The Project is called 'Debian' the OS is called
  'Debian GNU/Linux' (or 'Debian GNU/Hurd' or 'Debian GNU/kBSD' depending on
  the kernel).

- if there are bug fixes in the code from OpenVAS (not name changes) I would
  appreciate if they were published as separate patchsets and properly
  labeled to decide if they could be submitted upstream (to Nessus bugzilla)
  and added to the Nessus packages in Debian too. 
  If there are Debian-specific bugs they should be sent to the Debian BTS

- you mention you are based on the 2.2.5 codebase, Debian currently ships
  2.2.7 + patches so it would read that you are not tracking Debian's
  unstable packages 

- ditto for the plugins, I've made significant changes to the 2.2.7 set of
  (GPL) plugins and nobody here seems to be tracking those either
  Those look like they have been merged in the CVS, however.

- where are all the plugins SecuritySpace wishes to publish?

- database schema: please look at the Nessus mailing list archives, and,
  explicitly at the NESSUS_SQL branch, web browseable at:
  http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-core/doc/database/?only_with_tag=NESSUS_SQL
  Some people already invested time in producing a proper database schema,
  even if that did not get merged into Nessus proper.
  Alternatively, NessusWX and Inprotect have (different) database schemas.

- I'd rather have OpenVAS use libnasl (or nessus-libraries for that matter)
  than change that too just for naming reasons. That way (in Debian) there
  wouldn't be that much replicated code

- Marc Haber offered (in private) a while back (November last year) to
  produce packages for OpenVAS. Maybe it's worth contacting him to get
  OpenVAS packages in unstable as soon as there is a release.


Best regards

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20060405/ef978927/attachment.asc>


More information about the Openvas-discuss mailing list