Full Disclosure mailing list archives
Re: Call to participate: GNessUs security scanner
From: MadHat <madhat () unspecific com>
Date: Tue, 11 Oct 2005 10:25:06 -0500
On Oct 11, 2005, at 12:34 AM, Valdis.Kletnieks () vt edu wrote:
On Mon, 10 Oct 2005 22:07:19 EDT, security curmudgeon saidNessus has been open source for a long time. Despite that, the majority ofcontributions have come from a very small amount of people. Even withplugins, some 95% (i think) were written by the Nessus team, not outsidecontributors.At least for some people (including myself), software verifiability and transparency is important. I've never contributed code to the Nessus tree, but the availability of the source so we can tell what it's *really* doing has been important more than once. And there's philosophical appeal in the idea of a product being open-source, and software company business models organized around consulting/support contracts (see Sendmail Inc or Red Hat for example).Having said that, I don't particularly insist that it need be a *GPL* license. Most of the OSI "Open Source" licenses would be acceptable (and in fact, I've dealt successfully with more than one project where the source was "available but closed" - Dan Bernstein isn't the only guy with his style of licensing).Of course, the fact that the Nessus 2.2.5 tree is *already* GPL means 2 things:1) Tim is totally in his rights to start a fork - if anything, the right tofork the tree is one of the primary rights under the GPL.
Not all of 2.2 is GPL. Many of the NASL scripts are not, and this includes ALL of the SMB stuff. Only the engine is GPL. All of the SMB stuff (meaning the functions to connect to Windows shares and query the registry and check SMB specific "stuff") is implemented in NASL code, not in the engine. When 2.2 came out, the shift to non- GPL scripts changed more than just the checks, some of the inner workings of NASL through include scripts and dependancies also became non-GPL, though I don't think most people noticed this.
-- MadHat (at) Unspecific.com, CĀ²ISSP E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98 gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Call to participate: GNessUs security scanner Tim Brown (Oct 10)
- Re: Call to participate: GNessUs security scanner sk (Oct 10)
- Re: Call to participate: GNessUs security scanner security curmudgeon (Oct 10)
- Re: Call to participate: GNessUs security scanner Valdis . Kletnieks (Oct 10)
- Re: Call to participate: GNessUs security scanner Vincent Archer (Oct 11)
- Re: Call to participate: GNessUs security scanner MadHat (Oct 11)
- Re: Call to participate: GNessUs security scanner Tim Brown (Oct 15)
- Re: Call to participate: GNessUs security scanner Tim Brown (Oct 15)
- Re: Call to participate: GNessUs security scanner Valdis . Kletnieks (Oct 10)
- RE: Call to participate: GNessUs security scanner Adriel Desautels (Oct 11)
- Re: Call to participate: GNessUs security scanner Thierry Zoller (Oct 11)
- RE: Call to participate: GNessUs security scanner Adriel Desautels (Oct 15)
- Re: Call to participate: GNessUs security scanner Morning Wood (Oct 11)
- Re: Call to participate: GNessUs security scanner Barrie Dempster (Oct 11)
- Nessus becoming closed. [was: Call to participate] trains (Oct 12)
- Message not available
- Re: Nessus becoming closed. [was: Call to participate] trains (Oct 12)
- Re: Nessus becoming closed. [was: Call to participate] TheGesus (Oct 12)