[Openvas-distro] Fwd: [Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED
bchandra at secpod.com
Mon Dec 15 14:20:22 CET 2008
It is a very old vulnerability; I think we can remove that.
From: openvas-distro-bounces at wald.intevation.org
[mailto:openvas-distro-bounces at wald.intevation.org] On Behalf Of Jan-Oliver
Sent: Monday, December 15, 2008 3:19 AM
To: openvas-distro at wald.intevation.org
Subject: Re: [Openvas-distro] Fwd:
On Sunday 14 December 2008 13:07:32 Jan Wagner wrote:
> He guys ... maybe you want to have a look into it! :)
3 lines below the stange "PRORIETARY" line the file
/* The contents of this file may be disclosed to third */
/* parties, copied and duplicated in any form, in whole */
/* or in part, without the prior written consent of LSD. */
and later on
#define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison"
The plugin is about some IRIX object server, CVE-2000-0245.
Should we simply remove this plugin?
Yes, we try book keeping of Licenses.
We won't be able to make situation perfect in short time though.
Are we hence out of business with Debian?
> ---------- Forwarded Message ----------
> Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes
> Date: Sunday 14 December 2008 11:14
> From: Thomas Viehmann <ftpmaster at debian.org>
> To: Joey Schulze <joey at infodrom.org>, Debian OpenVAS Maintainers
> <openvas-distro-deb at wald.intevation.org>
> Cc: Debian Installer <installer at ftp-master.debian.org>
> Hi Joey,
> unfortunately openvas-plugins package seems to need some major
> work auditing copyrights and licenses for each and every file.
> Most likely upstream wants to look into what the ship,
> "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ...
> might not align with their free software ideas, either.
> If you have influence on upstream, I'd also recommend
> bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3
Openvas-distro mailing list
Openvas-distro at wald.intevation.org
More information about the Openvas-distro