Re: Optional cryptography in Nessus
[Renaud: please scroll down]
On Sun, May 30, 1999 at 10:53:30PM +0200, Javier Fernandez-Sanguino Pen~a wrote:
> > > A program I'm currently thinking of packaging (nessus, a network
> > > administration tool similar to SATAN)
> >
> > You shouldn't :) Javier Pena and me are already interested in it,
> > and we almost have the package ready. It is possible that Javier's
> > package is already accepted in the archive by now...
>
> Well, as a matter of fact is Javier Fernandez-Sanguino Peña :) And
I'm sorry.
> yes, nessus is sitting in Incoming, waiting to be accepted, you can get a
> copy from
> http://www.dat.etsit.upm.es/~jfs/debian/nessus
> Try it if you will.
I also noticed one problem - if this package gets accepted, you will have
to use epochs for naming the next version, which is alpha2-fix4. I propose
that we move these files of Incoming, and that you upload the new version,
0.0.alpha2-fix4. That way there will be no problem in the future (for
example, with version 0.5 or 1.0 etc).
> > > So my question is, should I provide a non-crypto enabled version, and
> > > if so, do I need to have seperate source packages?
> >
> > Two sources are definitely needed, however, I don't know whether we
> > actually need to change the US one to exclude anything crypto related.
> > I'm CC:ing also our -legal team, which should know what to do.
>
> Im not sure about that, US law will nowt allow distribution of
> strong criptography, but nessus, as far as I know does not use *strong*
> criptography, but someone should check the sources. ¿anyone?
I have asked the author, but he didn't say anything. I'm CC:ing
him now so he can tell us for sure.
> If it does use 128 bit criptography it should have tow sources,
> the version I packaged, however (990201) currently does not provide two
> packages ,anyone can help?
It shouldn't be so hard task, if the source can be left unchanged,
than it's only a slight change in debian/control file.
--
enJoy -*/\*- http://jagor.srce.hr/~jrodin/
Reply to: