Date: Tue Oct 11 06:34:35 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Call to participate: GNessUs security scanner 

On Mon, 10 Oct 2005 22:07:19 EDT, security curmudgeon said:

> Nessus has been open source for a long time. Despite that, the majority of 
> contributions have come from a very small amount of people. Even with 
> plugins, some 95% (I think) were written by the Nessus team, not outside 
> contributors.

At least for some people (including myself), software verifiability and
transparency is important.  I've never contributed code to the Nessus tree, but
the availability of the source so we can tell what it's *really* doing has been
important more than once.  And there's philosophical appeal in the idea of a
product being open-source, and software company business models organized
around consulting/support contracts (see Sendmail Inc or Red Hat for example).

Having said that, I don't particularly insist that it need be a *GPL* license.
Most of the OSI "Open Source" licenses would be acceptable (and in fact, I've
dealt successfully with more than one project where the source was "available
but closed" - Dan Bernstein isn't the only guy with his style of licensing).

Of course, the fact that the Nessus 2.2.5 tree is *already* GPL means 2 things:

1) Tim is totally in his rights to start a fork - if anything, the right to
fork the tree is one of the primary rights under the GPL.

2) The Nessus crew can't easily un-GPL the code either.  The most practical way
to do that would be to release a Nessus 3.0 that shares absolutely zero of the
code, and under whatever new license they want.

All in all, instead of a fork, I'd rather see planning to make sure somebody is
ready to take over stewardship/maintenance of the code when Tenable finally
wants to get out of keeping the Nessus 2.X tree.

