[Openvas-distro] Fwd: [Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED

Chandrashekhar B bchandra at secpod.com
Mon Dec 15 14:20:22 CET 2008

It is a very old vulnerability; I think we can remove that.


-----Original Message-----
From: openvas-distro-bounces at wald.intevation.org
[mailto:openvas-distro-bounces at wald.intevation.org] On Behalf Of Jan-Oliver
Sent: Monday, December 15, 2008 3:19 AM
To: openvas-distro at wald.intevation.org
Subject: Re: [Openvas-distro] Fwd:
[Openvas-distro-deb]openvas-plugins_1.0.4-1_i386.changes REJECTED

On Sunday 14 December 2008 13:07:32 Jan Wagner wrote:
> He guys ... maybe you want to have a look into it! :)

3 lines below the stange "PRORIETARY" line the file
(plugins/objectserver/objectserver.c) says:

/*   The contents of this file  may be disclosed to third   */
/*   parties, copied and duplicated in any form, in whole   */
/*   or in part, without the prior written consent of LSD.  */

and later on

#define COPYRIGHT "Original code by LSD. Modified by Renaud Deraison"

The plugin is about some IRIX object server, CVE-2000-0245.

Should we simply remove this plugin?

Yes, we try book keeping of Licenses.
We won't be able to make situation perfect in short time though.
Are we hence out of business with Debian?


> ----------  Forwarded Message  ----------
> Subject: [Openvas-distro-deb] openvas-plugins_1.0.4-1_i386.changes
> Date: Sunday 14 December 2008 11:14
> From: Thomas Viehmann <ftpmaster at debian.org>
> To: Joey Schulze <joey at infodrom.org>, Debian OpenVAS Maintainers
> <openvas-distro-deb at wald.intevation.org>
> Cc: Debian Installer <installer at ftp-master.debian.org>
> Hi Joey,
> unfortunately openvas-plugins package seems to need some major
> work auditing copyrights and licenses for each and every file.
> Most likely upstream wants to look into what the ship,
> might not align with their free software ideas, either.
> If you have influence on upstream, I'd also recommend
> bookkepping of GPL2 vs. GPL2+ vs. Same as Perl vs. GPL3
> licenses.
Openvas-distro mailing list
Openvas-distro at wald.intevation.org

More information about the Openvas-distro mailing list