[Openvas-distro] Gentoo NASL scripts valid? [ftpmaster@debian.org: openvas-plugins_1.0.2-1_i386.changes REJECTED]

Javier Fernández-Sanguino Peña jfs at computer.org
Mon Oct 27 01:40:05 CET 2008 

The openvas-plugin package has been rejected by Debian's ftpmasters (see
below). I've reviewed the plugins and *all* the Gentoo plugins (GLSA) include
the following header:

------------------------------------------
 # This script was automatically generated from 
 #  http://www.gentoo.org/security/en/glsa/glsa-200503-27.xml
 # It is released under the Nessus Script Licence.
 # The messages are release under the Creative Commons - Attribution /
 # Share Alike license. See http://creativecommons.org/licenses/by-sa/2.0/
-----------------------------------------

I guess this is because Gentoo's pages are licensed under the CC-by-sa.
However, the pages in Gentoo's do not mention a version. If you take a look
at any Gentoo advisory page, its footer is linked to
http://www.gentoo.org/main/en/contact.xml which links to
http://creativecommons.org/licenses/by-sa/2.5 (but does not explicitly say
that is the license for *all* pages).

Now, the problem with this header is that 

a) there is no reference that the "Nessus Script License" is the GPL. Indeed,
this is a fault in many scripts.

b) the CC-by-sa 2.0 is not compatible with the GPL, so those NASL scripts are
not 

I'm tempted to remove all these plugins from the Debian version of the
openvas-plugins package, in order to get it into Debian.

Could this issue be resolved or should I drop all these plugins?

Regards

Javier

----- Forwarded message from Kalle Kivimaa <ftpmaster at debian.org> -----

From: Kalle Kivimaa <ftpmaster at debian.org>
Date: Sun, 26 Oct 2008 21:47:36 +0000
To: Javier Fernandez-Sanguino Pen~a <jfs at debian.org>
Cc: Debian Installer <installer at ftp-master.debian.org>
Subject: openvas-plugins_1.0.2-1_i386.changes REJECTED

Dear Maintainer,

rejected, CC by-sa version 2.0 is DFSG incompatible. 3.0 is compatible, if you
can get the upstream to license the relevant parts with that.




===

If you don't understand why your files were rejected, or if the
override file requires editing, reply to this email.

----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20081027/13ebb4cc/attachment.pgp

More information about the Openvas-distro mailing list