Re: GitHub Acceptance guidelines - MSF automation modules

[Nathan Einwechter <neinwechter () gmail com>]

Thanks for the clarification and details. The issue was opened by an
end-user (not me), but he has the patch and I'll leave it for now
unless I hear any more about the issue. I'd rather not create a fork
unless there is significant demand or the fork is for a subset of
tools or for a larger piece that if of no interest to the mainline
under the guidelines (i.e. a conversion of the routerpwn site to an
MSF module I've been chipping away at).

I like the focus that you're providing for future development, it's
definitely the right move to make to keep the framework from flying
out of control.

Take care.

-- Nathan

On Fri, Nov 11, 2011 at 1:54 AM, HD Moore <hdm () metasploit com> wrote:
> On 11/10/2011 7:50 PM, Nathan Einwechter wrote:
> > I submitted a patch to an open issue someone had created in Redmine
> > some time ago that fixed some issues that caused file_autopwn to
> > basically not work at all. After the patch was applied and tested (by
> > both the issue opener and myself), file_autopwn seemed to be working
> > quiet well.
> >
> > Today Tod rejected the issue indicating that we're moving things over
> > to GitHub (see the blog post) and to take a look at the wiki there for
> > more details on what should/shouldn't be submitted (specifically the
> > acceptance guidelines), which leaves me a bit confused as to what to
> > do at this point. The guidelines say basically that automation should
> > no longer be submitted as a part of the "MSF core" (my words) due to
> > the utter failure of some of these types of modules in the past. If
> > file_autopwn is going to be dropped out of the framework, then I have
> > no problem letting the patch die. However, if it's going to be left in
> > MSF, then the patch should definitely be applied (if not my patch,
> > then at least some fix) as otherwise the module is 90% broken.
> >
> > Can anyone provide a bit of clarification at this point as to what to
> > do (or not do) in this position? I have no problem doing a fork+pull
> > on github to get this patch in, but don't want to go ahead and do this
> > if it's no longer needed/wanted.
>
> The file_autopwn module had bigger problems besides the items you
> highlighted. To be frank, it wasn't worth the maintenance overhead and we
> had yet to see a single *user* ask about it, let alone be aware of it. It
> goes against the framework scope in terms how it operates and the original
> contributor wasn't involved in maintenance. Feel free to take a copy of the
> module and maintain it in a fork of the metasploit-framework git project.
>
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework