[Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
jan-oliver.wagner at intevation.de
Wed May 13 08:41:16 CEST 2009
On Tuesday 12 May 2009 15:44:38 Javier Fernandez-Sanguino wrote:
> 2009/5/12 Michael Wiegand <michael.wiegand at intevation.de>:
> > IMHO, the approach you propose would give Tenable an amount of influence
> > in the OpenVAS development process they should not have. Call me a
> > cynic, but I don't think Tenable will fall over themselves to handle
> > questions from the OpenVAS project. ;) What if they suddenly realize
> > that they didn't *really* mean to put a load of other plugings under the
> > the GPL, even though they were part of the GPL feed?
> Then you have a copyright issue. If the plugin did not have (in the
> GPL feed) a proper GPL header Tenable could assert their rights to a
> different license and claim that they were not actually GPL-licensed
> but, instead, bundled with GPL software.
there was some explicit announcements by Tenable and the feed
was referred to as "GPL Feed". Not sure how other laws judge this,
but in Germany this means a user can savely assume they mean GPL
if they say GPL ;-)
If you label a package "GPL" and put something different inside, this
isn't really something you can base a law case on.
However, they kept (and probably keep) reading/watching OpenVAS
and so far informed us when we were mistaken about license.
They gave some clear advice and we considered this during our license
clean up phase.
> If you keep the current situation and some months later, after people
> have produced plugins based/dependant on this .inc file OpenVAS might
> need to remove it and remove/rewrite the other plugins. It would be
> best to clarify this with Tenable before going forward.
As Michael said, clarification on single NVTs will lead nowhere! Why should
they answer at all? If they don't they can easily block us and we have to
rewrite it anyway.
IMHO: So, please just go ahead using the scripts (or depend on them).
Should there ever be a wrong assumption (despite our careful analysis),
and this can be prooven to us, then we rewrite it.
Apart from this, of course I recommend to have us write our own stuff
whenever possible. Eventually we get rid of any code copyrighted by Tenable.
Again: Anything in the "GPL Feed" of Tenable we regard as GPL unless
a file clearly states a different, proprietary license.
We have snapshots of January 2005 some mid of 2006 to check with.
More information about the Openvas-plugins