[openvas-discuss] OpenVAS DevCon 1 write up

Neil McGovern neilm at openvas.org
Wed Apr 5 20:50:13 CEST 2006

On Wed, Apr 05, 2006 at 08:13:05PM +0200, Javier Fernández-Sanguino Peña wrote:
> - it's not GNU/Debian. The Project is called 'Debian' the OS is called
>   'Debian GNU/Linux' (or 'Debian GNU/Hurd' or 'Debian GNU/kBSD' depending on
>   the kernel).

My mistake for not catching that one, updated.

> - if there are bug fixes in the code from OpenVAS (not name changes) I would
>   appreciate if they were published as separate patchsets and properly
>   labeled to decide if they could be submitted upstream (to Nessus bugzilla)
>   and added to the Nessus packages in Debian too. 
>   If there are Debian-specific bugs they should be sent to the Debian BTS

Don't worry, this'll happen. I hate it when upstream releases random
tarballs, especially for security issues.

> - you mention you are based on the 2.2.5 codebase, Debian currently ships
>   2.2.7 + patches so it would read that you are not tracking Debian's
>   unstable packages 
> - ditto for the plugins, I've made significant changes to the 2.2.7 set of
>   (GPL) plugins and nobody here seems to be tracking those either
>   Those look like they have been merged in the CVS, however.

This is wrong on the wiki. I synced the -plugins package and am
preparing the patch for -core at the moment.  We'll be tracking the
Debian packages and using them as 'our upstream' until it gets to a
state when the codebase starts to diverge. Again, updated in the wiki.


> - I'd rather have OpenVAS use libnasl (or nessus-libraries for that matter)
>   than change that too just for naming reasons. That way (in Debian) there
>   wouldn't be that much replicated code

That's the plan. It'll avoid extra work on all our parts :)

> - Marc Haber offered (in private) a while back (November last year) to
>   produce packages for OpenVAS. Maybe it's worth contacting him to get
>   OpenVAS packages in unstable as soon as there is a release.

Brill, thanks! I'm happy to co-maintain this too. How about a maintaince
team (as this seems to be the current hot topic on -devel etc)?

A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20060405/7da6c76f/attachment.asc>

More information about the Openvas-discuss mailing list