[Openvas-distro] [Openvas-distro-deb] openvas-plugin package Was: Bug#546746: openvas-server: wrong plugin directory
Javier Fernández-Sanguino Peña
jfs at computer.org
Sun Sep 20 21:45:33 CEST 2009
On Sun, Sep 20, 2009 at 08:34:43PM +0200, Jan Wagner wrote:
> I see at least two reasons which may cause problems:
> * scripts from latest upstream openvas-plugins are outdated and there
> shouldn't be any new upstream releases, so including the scripts may not
> make sence
That's easy to fix. Just replace the plugins with the latest versions in SVN
and you are done. I'm actually doing that right now for the next version.
> * openvas-nvt-sync and the nes-plugins are included into openvas-server in
> upstream trunk allready
But we don't have that version in Debian yet. I think we should focus in
trying to fix the current situation.
> My plan was, to just provide a _minimal_ package which includes only the
> requirements to use the plugin feed, since the plugins package itself are not
> maintained anymore. As soon as we have this components in openvas-server, I
> thought about defering the plugins package.
> My reasons for not including the the plugins was:
> * plugins outdated
> * reviewing all the stuff is timeconsuming and gives you copyright/license
I already wasted my time and did the review, so this is no longer a reason.
> * when dropping the plugin package, we have the complete set of tools inside
> of openvas-server (same set of functionality)
This is a reason for not providing openvas-plugins in the future, but not
> > Please test and provide comments on the above packagse, if everybody agrees
> > I will commit them to SVN and upload the packages.
> Since I don't like neither the idea of shiping outdated scripts in our package
> nor going to the pain of reviewing all the new plugins for license/copyright
> issues ... what about splitting the stuff into 2 packages? For example
> openvas-plugins and openvas-plugins-base? The first just provides openvas-nvt-
> sync and the required nes-plugins, which can disapear when these are merged
> into a upstream release. The second are just the addition plugins and stuff.
> Taking openvas-plugins-base from latest upstream release may be fine, if
> anybody gets this through NEW.
The only complain from the ftp-masters on the openvas-plugins packages
uploaded early in January this year were the Gentoo scripts. I have dedicated
quite a lot of time to review any other scripts missing the licenses.
Since the license review has been already done I don't believe it makes sense
to provide two packages. The package, as it is, should go just fine through
> Anyways ... people.d.o is not reachable at the moment. So Javier, please
> reconsider to give the involved people more time so get their opinion about
> what you have done.
Sure, I can give more time.
However, as I said in the past: it is to the benefit of our (Debian) users
that we provide a set of plugins so that you can do a basic OpenVAS check
without requiring downloading stuff over the Internet (there's some
installations in which that becomes an issue).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090920/310a2b7f/attachment.pgp
More information about the Openvas-distro