Arch Linux

FS#12490 - [nessus] Replace with openvas

Attached to Project: Arch Linux
Opened by Greg (dolby) - Thursday, 18 December 2008, 06:08 GMT
Last edited by Eric Belanger (Snowman) - Monday, 28 September 2009, 01:37 GMT
Task Type: Feature Request
Category: Packages: Extra
Status: Closed
Assigned To: Eric Belanger (Snowman), Aaron Griffin (phrakture)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version: None
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No

Details

Description: AFAIK nessus is proprietary software, the PKGBUILDs don't include a license and are orphan(?). Today the 2.0.0 openvas release was made available. It's a GPLed fork of nessus.

http://www.openvas.org/

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

Closed by Eric Belanger (Snowman)
Monday, 28 September 2009, 01:37 GMT
Reason for closing: Won't implement
Additional comments about closing: nessus (libnasl nessus-core nessus-libraries nessus-plugins) was removed from extra.
Comment by Strabla Ruggero (Ermak) - Thursday, 08 January 2009, 21:44 GMT
Yes, I agree with dolby. By the way, I created the OpenVAS packages and added them to AUR.
Comment by Eric Belanger (Snowman) - Sunday, 22 March 2009, 03:40 GMT
FTR, the nessus packages have been updated and fixed (added license, etc.)
Comment by Eric Belanger (Snowman) - Sunday, 22 March 2009, 03:41 GMT
BTW, the packages in the repo use sources that have been licensed under GPL2.
Comment by Greg (dolby) - Sunday, 22 March 2009, 04:33 GMT
Yes, I noticed that when you upgraded the package.
But nessus has a huge license agreement when you try to download the software (I have attached it below).
Judging by that, nessus is definitely not free.
PS. Seems not many people use that kind of software on Arch.
Comment by Eric Belanger (Snowman) - Sunday, 22 March 2009, 06:43 GMT
I think that agreement applies only if you don't use the GPL source. I don't remember.
Anyway, if not many people use this kind of software as you said then we shouldn't add openvas to extra. Especially as nessus is orphaned. The logical thing to do would be to just remove nessus because of license (needs to be checked) or because it's a low-usage orphan.
Comment by Greg (dolby) - Sunday, 22 March 2009, 06:58 GMT
I don't see a distinction between GPL and differently licensed software anywhere.
The URL you use in the build script is the one you get after you agree to the license above.
FWIW Debian still packages nessus and their copyright file says the license is GPL.
Regarding low usage, pkgstats results show ~3.5, which is not that low. So a removal could only be associated with the fact there is no maintainer.
Comment by Aaron Griffin (phrakture) - Friday, 18 September 2009, 22:07 GMT
I'm fine with either option - removing nessus or replacing it with openvas
Comment by Eric Belanger (Snowman) - Friday, 18 September 2009, 22:11 GMT
I have no intention of replacing nessus by openvas. If someone else wants to do it, they can go ahead. If I do something about this, it will be removing nessus from the repo.
Comment by Aaron Griffin (phrakture) - Friday, 18 September 2009, 22:20 GMT
Considering usage levels, and the fact that openvas is in the AUR, maybe removing it is the best idea here
Comment by Eric Belanger (Snowman) - Tuesday, 22 September 2009, 23:19 GMT
OK then. I'll remove the nessus packages sometime in the next few days.
