[Openvas-distro] Fwd: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED

Jan-Oliver Wagner jan-oliver.wagner at intevation.de
Sun Dec 14 22:49:13 CET 2008


On Sunday 14 December 2008 13:07:32 Jan Wagner wrote:
> He guys ... maybe you want to have a look into it! :)

3 lines below the stange "PRORIETARY" line the file
(plugins/objectserver/objectserver.c) says:

"
/*   The contents of this file  may be disclosed to third   */
/*   parties, copied and duplicated in any form, in whole   */
/*   or in part, without the prior written consent of LSD.  */
"

and later on

#define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison"

The plugin is about some IRIX object server, CVE-2000-0245.

Should we simply remove this plugin?



Yes, we try book keeping of Licenses.
We won't be able to make situation perfect in short time though.
Are we hence out of business with Debian?

Best

	Jan
>
> ----------  Forwarded Message  ----------
>
> Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes REJECTED
> Date: Sunday 14 December 2008 11:14
> From: Thomas Viehmann <ftpmaster at debian.org>
> To: Joey Schulze <joey at infodrom.org>, Debian OpenVAS Maintainers
> <openvas-distro-deb at wald.intevation.org>
> Cc: Debian Installer <installer at ftp-master.debian.org>
>
> Hi Joey,
>
> unfortunately openvas-plugins package seems to need some major
> work auditing copyrights and licenses for each and every file.
> Most likely upstream wants to look into what the ship,
>   "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ...
> might not align with their free software ideas, either.
> If you have influence on upstream, I'd also recommend
> bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3
> licenses.


More information about the Openvas-distro mailing list