[Openvas-distro] Fwd: [Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED

Chandrashekhar B bchandra at secpod.com
Mon Dec 15 14:20:22 CET 2008


It is a very old vulnerability; I think we can remove that.

Chandra.


-----Original Message-----
From: openvas-distro-bounces at wald.intevation.org
[mailto:openvas-distro-bounces at wald.intevation.org] On Behalf Of Jan-Oliver
Wagner
Sent: Monday, December 15, 2008 3:19 AM
To: openvas-distro at wald.intevation.org
Subject: Re: [Openvas-distro] Fwd:
[Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED

On Sunday 14 December 2008 13:07:32 Jan Wagner wrote:
> He guys ... maybe you want to have a look into it! :)

3 lines below the stange "PRORIETARY" line the file
(plugins/objectserver/objectserver.c) says:

"
/*   The contents of this file  may be disclosed to third   */
/*   parties, copied and duplicated in any form, in whole   */
/*   or in part, without the prior written consent of LSD.  */
"

and later on

#define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison"

The plugin is about some IRIX object server, CVE-2000-0245.

Should we simply remove this plugin?



Yes, we try book keeping of Licenses.
We won't be able to make situation perfect in short time though.
Are we hence out of business with Debian?

Best

	Jan
>
> ----------  Forwarded Message  ----------
>
> Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes
REJECTED
> Date: Sunday 14 December 2008 11:14
> From: Thomas Viehmann <ftpmaster at debian.org>
> To: Joey Schulze <joey at infodrom.org>, Debian OpenVAS Maintainers
> <openvas-distro-deb at wald.intevation.org>
> Cc: Debian Installer <installer at ftp-master.debian.org>
>
> Hi Joey,
>
> unfortunately openvas-plugins package seems to need some major
> work auditing copyrights and licenses for each and every file.
> Most likely upstream wants to look into what the ship,
>   "THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF" ...
> might not align with their free software ideas, either.
> If you have influence on upstream, I'd also recommend
> bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3
> licenses.
_______________________________________________
Openvas-distro mailing list
Openvas-distro at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-distro



More information about the Openvas-distro mailing list