[Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
Javier Fernández-Sanguino Peña
jfs at computer.org
Sun May 10 11:38:36 CEST 2009
On Tue, Apr 21, 2009 at 08:45:04AM +0200, Michael Wiegand wrote:
> * Jan Wagner [20. Apr 2009]:
> > > What do I need to do to make the buildds love openvas-server again?
> >
> > I did all the needed steps. :)
>
> Thank you! :)
>
> > > > and openvas-plugins aren't in Debian et al.
> > >
> > > What would be your suggestion for getting it into Debian? Strip out all
> > > offending plugins or strip all non-C plugins?
> >
> > Hmm .... I would suggest to drop all non-dfsg plugins and then let the users
> > decide, if/what/when they update the plugins from your feed. I guess there is
> > fancy script, which can do that. :)
>
> Using Javier's audit script, there are only two non-free plugins
> remaining. Is this a complete list or are there other scripts Debian
> might object to?
>
> The two scripts are:
> apache_username.nasl
> smb_hotfixes.inc
>
> Both are (C) Tenable without any licensing information.
I already mentioned (january 2009) that those two should be removed. It seems
they were readded recently:
svn log apache_username.nasl:
------------------------------------------------------------------------
r3165 | mwiegand | 2009-04-23 09:18:25 +0200 (jue 23 de abr de 2009) | 3
lines
* scripts/apache_username.nasl: Added note regarding license to make
it clear that this script was indeed released under the GPL.
------------------------------------------------------------------------
> smb_hotfixes.inc is included by eight other plugins:
I suggested smb_hotfixes.inc was removed from the plugins package back in january. It
was then since added (again?) to the OpenVAS plugins:
svn log smb_hotfixes.inc
-----------------------------------------------------------
r3166 | mwiegand | 2009-04-23 09:19:23 +0200 ( 23 de abr de 2009) | 3
lines
* scripts/smb_hotfixes.inc: Added note regarding license to make
it clear that this script was indeed released under the GPL.
-----------------------------------------------------------
However, the header is not a proper "GPL header" and that's why the audit
scripts still complains about it. In order to have these comply the header
should be ammended to be a "proper" GPL
> AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone
> clarify where it came from? I'm not sure if the functionality provided
> by smb_hotfixes.inc is really needed and how much work this would be.
> I'm crossposting this to openvas-plugins in hope of some answers.
It seems it might have been part of the GPL feed at some point. I, however,
think this might be a mistake from Tenable. However, in one of our discussions (in
july 2008 @ openvas-devel:
---------------------------------------------------------------------------
From: "Chandrashekhar B" <bchandra at secpod.com>
To: <openvas-devel at wald.intevation.org>
Message-ID: <007901c8f15d$1cdb0f30$0201a8c0 at mahesh>
(...)
Tenable raised concern for smb_hotfixes.nasl and smb_hotfixes.inc when we
published in our website but, didn't raise for smb_nt.inc.
Chandra.
---------------------------------------------------------------------------
As said before, this should be clarified with Tenable.
> I would not mind removing smb_hotfixes.inc and dependent plugins from
> the Debian package if the damage is (as it seems) minimal.
I suggest these should be removed, Tenable should be contacted and, if they
agree, they should be included again.
Regards
Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090510/79462439/attachment.pgp
More information about the Openvas-plugins
mailing list