[opensuse-security] Incorporate OpenVAS to support security management?
Hi, I just proposed to include OpenVAS as a package to OpenSUSE [1]. As said there, the current Nessus package in fact violates the license of Nessus server and should either be distibuted without SSL or removed. While the Nessus-fork OpenVAS offers the same or even improved base technology, the actual value of such a tool is related to the extend/quality of the test routines (called "plugins" in Nessus and "NVTs" in OpenVAS). So far, OpenVAS has established a upto-date stream of so-called "local security checks" for GNU/Debian. It make sense to extend this to other distributions as well and of course SUSE comes to mind as it occurs in enterprise environments. Are there any opinions here whether/how to establish a stream of NVT's for the SUSE SAs? (Of course I have some ideas about "how" :-) Best regards Jan [1] http://en.opensuse.org/Wishlist_Network#O -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Jan-Oliver Wagner escribió:
Hi,
I just proposed to include OpenVAS as a package to OpenSUSE [1]. As said there, the current Nessus package in fact violates the license of Nessus server and should either be distibuted without SSL or removed.
I will try to package this stuff if I have time to. but no promises that it will be included in openSUSE, initially it will be available only in the Buildservice. -- "Morality is merely an interpretation of certain phenomena — more precisely, a misinterpretation." - Friedrich Nietzsche Cristian Rodríguez R. Platform/OpenSUSE - Core Services SUSE LINUX Products GmbH Research & Development http://www.opensuse.org/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mittwoch, 5. März 2008, Cristian Rodríguez wrote:
Jan-Oliver Wagner escribió:
I just proposed to include OpenVAS as a package to OpenSUSE [1]. As said there, the current Nessus package in fact violates the license of Nessus server and should either be distibuted without SSL or removed.
I will try to package this stuff if I have time to.
if the OpenVAS team can assist (e.g. with prototyping spec files), let me know.
but no promises that it will be included in openSUSE, initially it will be available only in the Buildservice.
fair enough. Is there another list or contact to inform about license violations of included SUSE packages? All the best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Thu, Mar 06, 2008 at 10:24:16AM +0100, Jan-Oliver Wagner wrote:
On Mittwoch, 5. März 2008, Cristian Rodríguez wrote:
Jan-Oliver Wagner escribió:
I just proposed to include OpenVAS as a package to OpenSUSE [1]. As said there, the current Nessus package in fact violates the license of Nessus server and should either be distibuted without SSL or removed.
I will try to package this stuff if I have time to.
if the OpenVAS team can assist (e.g. with prototyping spec files), let me know.
but no promises that it will be included in openSUSE, initially it will be available only in the Buildservice.
fair enough.
Is there another list or contact to inform about license violations of included SUSE packages?
? Huh? Please just open bugreports for license violations. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Cristian Rodríguez -
Jan-Oliver Wagner -
Marcus Meissner