Ubuntu
nessus-plugins package

nessus-plugins: non-free

Bug #12127 reported by Debian Bug Importer
4
Affects Status Importance Assigned to Milestone
nessus-plugins (Debian)
Fix Released
Unknown
nessus-plugins (Ubuntu)
Fix Released
High
Michael Vogt
Ubuntu ubuntu-5.04

Bug Description

Automatically imported from Debian bug report #291658 http://bugs.debian.org/291658

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #291658 http://bugs.debian.org/291658

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 22 Jan 2005 08:26:39 +0100
From: Florian Weimer <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: nessus-plugins: non-free

Package: nessus-plugins
Severity: serious
Justification: Policy 2.2.1

Upstream claims that large parts of nessus-plugins has never been
licensed under the GPL. The copyright status of many NASL scripts is
indeed very unclear.

The new upstream license does not give permission to redistribute, so
it's not suitable for non-free either.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-rc1fw
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Revision history for this message
In , Javier Fernández-Sanguino (jfs) wrote : Re: Bug#291658: nessus-plugins: non-free

severity 291658 normal
retitle 291658 nessus-plugins: Some NASL plugins in release 2.2.2a (and later) are non-free
thanks

On Sat, Jan 22, 2005 at 08:26:39AM +0100, Florian Weimer wrote:
>
> Upstream claims that large parts of nessus-plugins has never been
> licensed under the GPL. The copyright status of many NASL scripts is
> indeed very unclear.

This claim only applies to post-2.2.2a releases, as you can see from the
COPYING license of all the ftp sources in nessus.org (pre-2.2.2a). Upstream
(that is, Renaud Deraison) has not changed those. So they still apply.

Moreover, the copyright status of the NASL scripts is not unclear
(copyright holders are stated for all of the scripts). The license status,
however, has changed for some of the NASL scripts in 2.2.2a (and 2.3).
For previous releases the "Nessus Script License" = GPL. Debian currently
distributes 2.2.2 BTW.

> The new upstream license does not give permission to redistribute, so
> it's not suitable for non-free either.

Correct, the _new_ one, which does not apply retroactively to all other
versions (note again that upstream has not changed the copyright statements
in those). That's why I haven't packaged 2.2.2a yet. I will probably
repackage that version with only a _very_ limited number of plugins and
tell users to go and download them if they want the non-free scripts.

In any case, if you are interested upstream has not contacted the writers
of some NASL scripts (me included) before re-licensing them. So this
relicensing might not even be valid in some cases, only for those plugins
which are copyrighted by Tenable or Renaud (the majority, however

As I said before for the 2.3 release I will repackage the NASL scripts and
only provide in the archive those that have been determined to be free
(i.e. GPL or BSD licensed).

Regards

Javier

Revision history for this message
In , Florian Weimer (fw) wrote :

* Javier Fernández-Sanguino Peña:

>> Upstream claims that large parts of nessus-plugins has never been
>> licensed under the GPL. The copyright status of many NASL scripts is
>> indeed very unclear.
>
> This claim only applies to post-2.2.2a releases, as you can see from the
> COPYING license of all the ftp sources in nessus.org (pre-2.2.2a). Upstream
> (that is, Renaud Deraison) has not changed those. So they still apply.

Tenable claims that the GPL has never applied to their plugins, only
to the plugins that were explicitly released under the GPL.

> Moreover, the copyright status of the NASL scripts is not unclear
> (copyright holders are stated for all of the scripts). The license status,
> however, has changed for some of the NASL scripts in 2.2.2a (and 2.3).
> For previous releases the "Nessus Script License" = GPL. Debian currently
> distributes 2.2.2 BTW.

From what information do you infer this?

The plugins I'm most interested in are:

#
# (C) Tenable Network Security
#
# v1.2: use the same requests as MS checktool
# v1.16: use one of eEye's request when a null session can't be established
#

(msrpc_dcom2.nasl)

#
# This script is (C) Tenable Network Security
# 10/22/2003 updated by KK Liu 10/22/2003
# - check messenger service, if not on - exit
# - check Windows OS
#

(messenger_ms03-043.nasl)

#
# (C) Renaud Deraison
#

(http_asn1_decoding.nasl)

I doubt we can say for sure that these plugins were covered by the
GPL, even though they are distributed in a tarball which happens to
contain a COPYING file.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 22 Jan 2005 15:37:28 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Florian Weimer <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#291658: nessus-plugins: non-free

--cNdxnHkX5QqsyA0e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

severity 291658 normal
retitle 291658 nessus-plugins: Some NASL plugins in release 2.2.2a (and lat=
er) are non-free
thanks

On Sat, Jan 22, 2005 at 08:26:39AM +0100, Florian Weimer wrote:
>=20
> Upstream claims that large parts of nessus-plugins has never been
> licensed under the GPL. The copyright status of many NASL scripts is
> indeed very unclear.

This claim only applies to post-2.2.2a releases, as you can see from the
COPYING license of all the ftp sources in nessus.org (pre-2.2.2a). Upstream
(that is, Renaud Deraison) has not changed those. So they still apply.=20

Moreover, the copyright status of the NASL scripts is not unclear
(copyright holders are stated for all of the scripts). The license status,
however, has changed for some of the NASL scripts in 2.2.2a (and 2.3).=20
For previous releases the "Nessus Script License" =3D GPL. Debian currently=
=20
distributes 2.2.2 BTW.

> The new upstream license does not give permission to redistribute, so
> it's not suitable for non-free either.

Correct, the _new_ one, which does not apply retroactively to all other
versions (note again that upstream has not changed the copyright statements
in those). That's why I haven't packaged 2.2.2a yet. I will probably
repackage that version with only a _very_ limited number of plugins and
tell users to go and download them if they want the non-free scripts.

In any case, if you are interested upstream has not contacted the writers
of some NASL scripts (me included) before re-licensing them. So this
relicensing might not even be valid in some cases, only for those plugins
which are copyrighted by Tenable or Renaud (the majority, however

As I said before for the 2.3 release I will repackage the NASL scripts and
only provide in the archive those that have been determined to be free
(i.e. GPL or BSD licensed).=20

Regards

Javier

--cNdxnHkX5QqsyA0e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB8mUoi4sehJTrj0oRAvShAJ4sGRi+gRKQ8AI4jTZJnTck766UlwCgpaQB
h/YzrmlbZknUU4lNDiBqxOo=
=EQ7O
-----END PGP SIGNATURE-----

--cNdxnHkX5QqsyA0e--

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 22 Jan 2005 15:52:14 +0100
From: Florian Weimer <email address hidden>
To: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#291658: nessus-plugins: non-free

* Javier Fern=E1ndez-Sanguino Pe=F1a:

>> Upstream claims that large parts of nessus-plugins has never been
>> licensed under the GPL. The copyright status of many NASL scripts is
>> indeed very unclear.
>
> This claim only applies to post-2.2.2a releases, as you can see from the
> COPYING license of all the ftp sources in nessus.org (pre-2.2.2a). Upstre=
am
> (that is, Renaud Deraison) has not changed those. So they still apply.=20

Tenable claims that the GPL has never applied to their plugins, only
to the plugins that were explicitly released under the GPL.

> Moreover, the copyright status of the NASL scripts is not unclear
> (copyright holders are stated for all of the scripts). The license status,
> however, has changed for some of the NASL scripts in 2.2.2a (and 2.3).=20
> For previous releases the "Nessus Script License" =3D GPL. Debian current=
ly=20
> distributes 2.2.2 BTW.

From what information do you infer this?

The plugins I'm most interested in are:

#
# (C) Tenable Network Security
#
# v1.2: use the same requests as MS checktool
# v1.16: use one of eEye's request when a null session can't be established
#

(msrpc_dcom2.nasl)

#
# This script is (C) Tenable Network Security
# 10/22/2003 updated by KK Liu 10/22/2003
# - check messenger service, if not on - exit
# - check Windows OS=20
#

(messenger_ms03-043.nasl)

#
# (C) Renaud Deraison
#

(http_asn1_decoding.nasl)

I doubt we can say for sure that these plugins were covered by the
GPL, even though they are distributed in a tarball which happens to
contain a COPYING file.

Revision history for this message
In , Javier Fernández-Sanguino (jfs) wrote :

On Sat, Jan 22, 2005 at 03:52:14PM +0100, Florian Weimer wrote:
>
> Tenable claims that the GPL has never applied to their plugins, only
> to the plugins that were explicitly released under the GPL.

That claim is really not true, since the "Nessus Script License" was (until
recently) equivalent to the GPL. All plugin developers (me included) have
contributed stuff to plugins based on that. Licensing of plugins has been
discussed previously in the nessus-plugins mailing lists, there was even a
discussion back in 2001 when Renaud was considering changing its license,
please read:

http://archives.neohapsis.com/archives/apps/nessus/2001-q2/0434.html

In that mail upstream (i.e. Renaud) explicitly says that the plugins are
distributed through the GPL.

> >From what information do you infer this?
>
> The plugins I'm most interested in are:
(..)

Those plugins are (c) Tenable or Renaud. Notice that there is no license
statement in the source code and that they are distributed in 2.1.0 (in
ftp.nessus.org) with a 'COPYING' file that states they _are_ GPLd.

If upstream does want to relicense these plugins (which it can do, as it
has (c) on them) then they should also repackage all of those available in
the public ftp server. So far, they have not done such a thing.

The license issues with the plugins are there, however, in the 2.2.2a and
2.3 release (not packaged in Debian). The plugins distributed with 2.3 have
a different license (the new one "Tenable's Public License") but that
contradicts the license in the code of some of the plugins (both NASL
scripts and .c plugins). It is also incompatible with the GPL and that
makes some plugins status unclear (specifically .c plugins which are
compiled with libnasl). Again, this applies to 2.3 and 2.2.2a, not to
earlier releases.

As for NASL scripts, here is the breakdown of licenses in 2.3:

- BSD 1
- GPL 455
- Nessus Script License 5188
- UNLICENSED 295

This is not the first time upstream has changed a license to a package
(check out OpenBSD's pf [1] and Xfree86) but, IMHO, license changes do not
apply to whatever was distributed (and still is) with a different license.
Copyright holders obviously can re-license stuff, but they've had no
interest in doing it (as the public ftp shows).

The situation of Nessus in Debian, whoever, could change if all the source
code at ftp.nessus.org where to be relicensed (which is not the case yet).
I just hope upstream will divide the nessus-plugins tar into a GPL and
non-gpl archive to help distributions decide which part are or aren't
distributable.

Regards

Javier

[1] slashdot.org/article.pl?sid=01/06/25/1557213

Revision history for this message
In , Florian Weimer (fw) wrote :

* Javier Fernández-Sanguino Peña:

> On Sat, Jan 22, 2005 at 03:52:14PM +0100, Florian Weimer wrote:
>>
>> Tenable claims that the GPL has never applied to their plugins, only
>> to the plugins that were explicitly released under the GPL.
>
> That claim is really not true, since the "Nessus Script License" was (until
> recently) equivalent to the GPL. All plugin developers (me included) have
> contributed stuff to plugins based on that. Licensing of plugins has been
> discussed previously in the nessus-plugins mailing lists, there was even a
> discussion back in 2001 when Renaud was considering changing its license,
> please read:
>
> http://archives.neohapsis.com/archives/apps/nessus/2001-q2/0434.html

Tenable Network Security claims this relicensing never happened for
the plugins. (I've asked them.)

Mere aggregation with GPL-covered works does not cause software to
fall under the GPL automatically, so Debian is unfortunately on rather
thin ice. 8-(

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (3.4 KiB)

Message-ID: <email address hidden>
Date: Sat, 22 Jan 2005 19:39:24 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Florian Weimer <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#291658: nessus-plugins: non-free

--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jan 22, 2005 at 03:52:14PM +0100, Florian Weimer wrote:
>=20
> Tenable claims that the GPL has never applied to their plugins, only
> to the plugins that were explicitly released under the GPL.

That claim is really not true, since the "Nessus Script License" was (until
recently) equivalent to the GPL. All plugin developers (me included) have
contributed stuff to plugins based on that. Licensing of plugins has been
discussed previously in the nessus-plugins mailing lists, there was even a
discussion back in 2001 when Renaud was considering changing its license,
please read:

http://archives.neohapsis.com/archives/apps/nessus/2001-q2/0434.html

In that mail upstream (i.e. Renaud) explicitly says that the plugins are=20
distributed through the GPL.

> >From what information do you infer this?
>=20
> The plugins I'm most interested in are:
(..)

Those plugins are (c) Tenable or Renaud. Notice that there is no license=20
statement in the source code and that they are distributed in 2.1.0 (in=20
ftp.nessus.org) with a 'COPYING' file that states they _are_ GPLd.

If upstream does want to relicense these plugins (which it can do, as it=20
has (c) on them) then they should also repackage all of those available in=
=20
the public ftp server. So far, they have not done such a thing.

The license issues with the plugins are there, however, in the 2.2.2a and
2.3 release (not packaged in Debian). The plugins distributed with 2.3 have
a different license (the new one "Tenable's Public License") but that
contradicts the license in the code of some of the plugins (both NASL
scripts and .c plugins). It is also incompatible with the GPL and that
makes some plugins status unclear (specifically .c plugins which are
compiled with libnasl). Again, this applies to 2.3 and 2.2.2a, not to
earlier releases.

As for NASL scripts, here is the breakdown of licenses in 2.3:

- BSD 1
- GPL 455
- Nessus Script License 5188
- UNLICENSED 295

This is not the first time upstream has changed a license to a package
(check out OpenBSD's pf [1] and Xfree86) but, IMHO, license changes do not
apply to whatever was distributed (and still is) with a different license.
Copyright holders obviously can re-license stuff, but they've had no
interest in doing it (as the public ftp shows).

The situation of Nessus in Debian, whoever, could change if all the source
code at ftp.nessus.org where to be relicensed (which is not the case yet).=
=20
I just hope upstream will divide the nessus-plugins tar into a GPL and=20
non-gpl archive to help distributions decide which part are or aren't=20
distributable.

Regards

Javier

[1] slashdot.org/article.pl?sid=3D01/06/25/1557213

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description:...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 22 Jan 2005 19:47:04 +0100
From: Florian Weimer <email address hidden>
To: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#291658: nessus-plugins: non-free

* Javier Fern=E1ndez-Sanguino Pe=F1a:

> On Sat, Jan 22, 2005 at 03:52:14PM +0100, Florian Weimer wrote:
>>=20
>> Tenable claims that the GPL has never applied to their plugins, only
>> to the plugins that were explicitly released under the GPL.
>
> That claim is really not true, since the "Nessus Script License" was (unt=
il
> recently) equivalent to the GPL. All plugin developers (me included) have
> contributed stuff to plugins based on that. Licensing of plugins has been
> discussed previously in the nessus-plugins mailing lists, there was even a
> discussion back in 2001 when Renaud was considering changing its license,
> please read:
>
> http://archives.neohapsis.com/archives/apps/nessus/2001-q2/0434.html

Tenable Network Security claims this relicensing never happened for
the plugins. (I've asked them.)

Mere aggregation with GPL-covered works does not cause software to
fall under the GPL automatically, so Debian is unfortunately on rather
thin ice. 8-(

Revision history for this message
In , Javier Fernández-Sanguino (jfs) wrote :

On Sat, Jan 22, 2005 at 07:47:04PM +0100, Florian Weimer wrote:
> Tenable Network Security claims this relicensing never happened for
> the plugins. (I've asked them.)

Plugins were never distributed under any other license, for all
contributors to the Nessus project the "Nessus Script License" was just the
GPL. Upstream (Renaud) made this clear in the mailing lists a couple of
times.

Nobody from upstream has spoken up saying that whomever (pre-2.2.2a) was
distributing these plugins was not doing it correctly. Renaud (and Tenable)
were very much aware that Debian, FreeBSD as well as other commercial Linux
distributions (like SuSE) have been providing Nessus and all its plugins in
their distributions for quite some time. Certainly, if they had any issue
with that they should have brought it out a long time ago.

The fact is, some plugins in the new release (2.3) as well the new plugins
that are being produced have been relicensed, plugins in previous releases
have not. Debian is still distributing the old releases.

I'm not sure if I will be providing new releases but when I do, only
plugins that are free in that release will be included.

If upstream has failed to add a proper license to the plugins then they
should fix it properly. Many plugins code (even in the 2.3 release) refers
to the "Nessus Script License".

Feel free to check out the (free) GPL feed which is available at
http://www.nessus.org/nasl/all-2.0.tar.gz. You'll find a number of plugins
licensed under the "Nessus Script License", including some of those you are
interested in.

The new license restrictions do apply to the "feeds" of nessus plugins
(what you can download from the Internet). People downloading new plugins
will need to register to the feed if they want the full list of plugins. If
you are using the nessus-update-plugins script from the 2.2.2 release you
shouldn't be able to download plugins you have not registered for (since
those are distributed through a different mechanism and you need
nessus-fetch for those) and you will only get the free "GPL feed".

Hope I have cleared this up. If you still believe otherwise feel free to
bring this issue up in Nessus' public mailing list.

Regards

Javier

PS: Who have you asked at Tenable? Maybe they should clear this mess up.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 23 Jan 2005 02:14:59 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Florian Weimer <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#291658: nessus-plugins: non-free

--huq684BweRXVnRxX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jan 22, 2005 at 07:47:04PM +0100, Florian Weimer wrote:
> Tenable Network Security claims this relicensing never happened for
> the plugins. (I've asked them.)

Plugins were never distributed under any other license, for all
contributors to the Nessus project the "Nessus Script License" was just the
GPL. Upstream (Renaud) made this clear in the mailing lists a couple of
times.

Nobody from upstream has spoken up saying that whomever (pre-2.2.2a) was
distributing these plugins was not doing it correctly. Renaud (and Tenable)
were very much aware that Debian, FreeBSD as well as other commercial Linux
distributions (like SuSE) have been providing Nessus and all its plugins in
their distributions for quite some time. Certainly, if they had any issue
with that they should have brought it out a long time ago.

The fact is, some plugins in the new release (2.3) as well the new plugins
that are being produced have been relicensed, plugins in previous releases
have not. Debian is still distributing the old releases.

I'm not sure if I will be providing new releases but when I do, only
plugins that are free in that release will be included.

If upstream has failed to add a proper license to the plugins then they
should fix it properly. Many plugins code (even in the 2.3 release) refers
to the "Nessus Script License".

Feel free to check out the (free) GPL feed which is available at
http://www.nessus.org/nasl/all-2.0.tar.gz. You'll find a number of plugins
licensed under the "Nessus Script License", including some of those you are
interested in.

The new license restrictions do apply to the "feeds" of nessus plugins
(what you can download from the Internet). People downloading new plugins
will need to register to the feed if they want the full list of plugins. If
you are using the nessus-update-plugins script from the 2.2.2 release you
shouldn't be able to download plugins you have not registered for (since
those are distributed through a different mechanism and you need
nessus-fetch for those) and you will only get the free "GPL feed".

Hope I have cleared this up. If you still believe otherwise feel free to=20
bring this issue up in Nessus' public mailing list.

Regards

Javier

PS: Who have you asked at Tenable? Maybe they should clear this mess up.

--huq684BweRXVnRxX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB8vqSi4sehJTrj0oRAn6VAKCgD4XNSV1Ow0NL4SziBPZyXCg6lACeMgLt
meFnD9RUKplrNDyloYBz6Y0=
=0T5T
-----END PGP SIGNATURE-----

--huq684BweRXVnRxX--

Revision history for this message
In , Javier Fernández-Sanguino (jfs) wrote : Bug#291658: fixed in nessus-plugins 2.2.3-1
Download full text (3.3 KiB)

Source: nessus-plugins
Source-Version: 2.2.3-1

We believe that the bug you reported is fixed in the latest version of
nessus-plugins, which is due to be installed in the Debian FTP archive:

nessus-plugins_2.2.3-1.diff.gz
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1.diff.gz
nessus-plugins_2.2.3-1.dsc
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1.dsc
nessus-plugins_2.2.3-1_i386.deb
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1_i386.deb
nessus-plugins_2.2.3.orig.tar.gz
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <email address hidden> (supplier of updated nessus-plugins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Sat, 12 Feb 2005 22:37:40 +0100
Source: nessus-plugins
Binary: nessus-plugins
Architecture: source i386
Version: 2.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Josip Rodin <email address hidden>
Changed-By: Javier Fernandez-Sanguino Pen~a <email address hidden>
Description:
 nessus-plugins - Nessus plugins
Closes: 281444 291658
Changes:
 nessus-plugins (2.2.3-1) unstable; urgency=high
 .
   * New upstream release
     (Priority set to high since this new version removes code which
     was not free)
   * This new version includes only the GPL licensed plugins, added
     a debian/NEWS file describing the current situation regarding
     plugin licenses, also updated the debian/copyright file
     (Closes: #291658)
   * Removed Hydra from the distibution (including original sources
     which have been repacked) since Hydra is not really free, see
     bug #258057)
   * Do not move the .desc directory when relocating plugins from
     the old location to the new one (Closes: #281444)
   * Introduce a nessus-update-plugins-gpl (based on nessus-update-plugins
     of previous release) for those that only want to download the latest
     GPL feed and not use nessus-fetch. Since nessus-fetch is provided
     by nessus-core (>= 2.2.3) and we do not want to depend on it.
   * Build-Depend on libpcap0.8-dev | libpcap-dev
   * Adjust scripts/gpl_feed.nasl so that it fits properly on a terminal
     (75 chars per line)
Files:
 4e74608a19197c3906bba8d30204f23a 885 admin optional nessus-plugins_2.2.3-1.dsc
 e58fed95aa7df8b1ceba7446c2d0e8ab 1430449 admin optional nessus-plugins_2.2.3.orig.tar.gz
 a95aa1bc7914d71afe3bf0603d04e3c1 329953 admin optional nessus-plugins_2.2.3-1.diff.gz
 2b3c09b4f06fd32a9e471bda1929d7c0 1416310 admin optional nessus-plugins_2.2.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iQCVAwUBQg66bftEPvakNq0lAQGKhgQAoCCBKMAXInEfxkzfruD0S/kOKjn2SrLT
YQ/ab4EBR+8npJFWlwplDPUH33fH9rX8WcnBgsv9vP...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (3.5 KiB)

Message-Id: <email address hidden>
Date: Sat, 12 Feb 2005 22:02:39 -0500
From: Javier Fernandez-Sanguino Pen~a <email address hidden>
To: <email address hidden>
Subject: Bug#291658: fixed in nessus-plugins 2.2.3-1

Source: nessus-plugins
Source-Version: 2.2.3-1

We believe that the bug you reported is fixed in the latest version of
nessus-plugins, which is due to be installed in the Debian FTP archive:

nessus-plugins_2.2.3-1.diff.gz
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1.diff.gz
nessus-plugins_2.2.3-1.dsc
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1.dsc
nessus-plugins_2.2.3-1_i386.deb
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3-1_i386.deb
nessus-plugins_2.2.3.orig.tar.gz
  to pool/main/n/nessus-plugins/nessus-plugins_2.2.3.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <email address hidden> (supplier of updated nessus-plugins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Sat, 12 Feb 2005 22:37:40 +0100
Source: nessus-plugins
Binary: nessus-plugins
Architecture: source i386
Version: 2.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Josip Rodin <email address hidden>
Changed-By: Javier Fernandez-Sanguino Pen~a <email address hidden>
Description:
 nessus-plugins - Nessus plugins
Closes: 281444 291658
Changes:
 nessus-plugins (2.2.3-1) unstable; urgency=high
 .
   * New upstream release
     (Priority set to high since this new version removes code which
     was not free)
   * This new version includes only the GPL licensed plugins, added
     a debian/NEWS file describing the current situation regarding
     plugin licenses, also updated the debian/copyright file
     (Closes: #291658)
   * Removed Hydra from the distibution (including original sources
     which have been repacked) since Hydra is not really free, see
     bug #258057)
   * Do not move the .desc directory when relocating plugins from
     the old location to the new one (Closes: #281444)
   * Introduce a nessus-update-plugins-gpl (based on nessus-update-plugins
     of previous release) for those that only want to download the latest
     GPL feed and not use nessus-fetch. Since nessus-fetch is provided
     by nessus-core (>= 2.2.3) and we do not want to depend on it.
   * Build-Depend on libpcap0.8-dev | libpcap-dev
   * Adjust scripts/gpl_feed.nasl so that it fits properly on a terminal
     (75 chars per line)
Files:
 4e74608a19197c3906bba8d30204f23a 885 admin optional nessus-plugins_2.2.3-1.dsc
 e58fed95aa7df8b1ceba7446c2d0e8ab 1430449 admin optional nessus-plugins_2.2.3.orig.tar.gz
 a95aa1bc7914d71afe3bf0603d04e3c1 329953 admin optional nessus-plugins_2.2.3-1.diff.gz
 2b3c09b4f06fd32a9e471bda1929...

Read more...

Revision history for this message
Michael Vogt (mvo) wrote :

The background of this problem is that recent versions of nessus changed the
license and that makes part of the plugins and scripts non-free. We ship version
2.2.0 so we should be save.

But: A lot of scripts under the scripts folder have as license "Nessus Script
License". There is no such license in the source of nessus-plugins or
nessus-core. So the copyright status is unclear.

I'll contact nessus upstream and ask for clarification.

Revision history for this message
Michael Vogt (mvo) wrote :

I just got a reply from upstream (Renaud Deraison) and he indeed claims that we
can longer longer distribute the the package and need to switch to
nessus-plugins-GPL-2.2.3.tar.gz

Revision history for this message
Michael Vogt (mvo) wrote :

Proposed solution is:

Sync (and verified that it will not break aynthing) from unstable after preview.

Revision history for this message
Michael Vogt (mvo) wrote :

This is fixed in the current version of hoary by syncing nessus-2.2.3

Bug Watch Updater (bug-watch-updater)
Changed in nessus-plugins:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.