[Openvas-distro] [Openvas-distro-deb] openvas-plugin package Was: Bug#546746: openvas-server: wrong plugin directory

Javier Fernández-Sanguino Peña jfs at computer.org
Sun Sep 20 21:45:33 CEST 2009 

On Sun, Sep 20, 2009 at 08:34:43PM +0200, Jan Wagner wrote:
> I see at least two reasons which may cause problems:
> 
> * scripts from latest upstream openvas-plugins are outdated and there
> shouldn't be any new upstream releases, so including the scripts may not
> make sence 

That's easy to fix. Just replace the plugins with the latest versions in SVN
and you are done. I'm actually doing that right now for the next version.

> * openvas-nvt-sync and the nes-plugins are included into openvas-server in 
> upstream trunk allready

But we don't have that version in Debian yet. I think we should focus in
trying to fix the current situation.

> My plan was, to just provide a _minimal_ package which includes only the 
> requirements to use the plugin feed, since the plugins package itself are not 
> maintained anymore. As soon as we have this components in openvas-server, I 
> thought about defering the plugins package.
> 
> My reasons for not including the the plugins was:
> 
> * plugins outdated

Easily fixed.

> * reviewing all the stuff is timeconsuming and gives you copyright/license 
> headache

I already wasted my time and did the review, so this is no longer a reason.

> * when dropping the plugin package, we have the complete set of tools inside 
> of openvas-server (same set of functionality)

This is a reason for not providing openvas-plugins in the future, but not
*now*

> > Please test and provide comments on the above packagse, if everybody agrees
> > I will commit them to SVN and upload the packages.
> 
> Since I don't like neither the idea of shiping outdated scripts in our package 
> nor going to the pain of reviewing all the new plugins for license/copyright 
> issues ... what about splitting the stuff into 2 packages? For example 
> openvas-plugins and openvas-plugins-base? The first just provides openvas-nvt-
> sync and the required nes-plugins, which can disapear when these are merged 
> into a upstream release. The second are just the addition plugins and stuff. 
> Taking openvas-plugins-base from latest upstream release may be fine, if 
> anybody gets this through NEW.

The only complain from the ftp-masters on the openvas-plugins packages
uploaded early in January this year were the Gentoo scripts. I have dedicated
quite a lot of time to review any other scripts missing the licenses.

Since the license review has been already done I don't believe it makes sense
to provide two packages. The package, as it is, should go just fine through
NEW.

> Anyways ... people.d.o is not reachable at the moment. So Javier, please 
> reconsider to give the involved people more time so get their opinion about 
> what you have done.

Sure, I can give more time. 

However, as I said in the past: it is to the benefit of our (Debian) users
that we provide a set of plugins so that you can do a basic OpenVAS check
without requiring downloading stuff over the Internet (there's some
installations in which that becomes an issue). 

Regards

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090920/310a2b7f/attachment.pgp

More information about the Openvas-distro mailing list