Removal request of OpenVAS packages from testing
Dear Release Managers,
I would like to request you to remove *all* of the OpenVAS 2.x
packages from the current testing distribution. This includes the
following packages:
- libopenvas2 / libopenvas2-dev (version 2.0.4-2.1)
- libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1)
- openvas-client (version 2.0.5-1.1)
- openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2)
- openvas-server / openvas-server-dev (version 2.0.3-6)
Support for OpenVAS 2 was discontinued last year [2]. Providing
OpenVAS 2 to our Debian 'stable' users in our upcoming release is not
really a good idea. Even though the scanner/client works 'as it is',
users will not be able to download new plugins for this release from
the OpenVAs servers and it will not be possible for them to find
"recent" vulnerabilities in hosts they scan.
For the last 2 years I have provided experimental versions of OpenVAS
3, which seem to have not received to much attention from users. In
any case since that version is also going to be discontinued upstream.
Since the latest OpenVAS release is version 5 [1] (released May this
year) I will work towards providing OpenVAS 5 in our unstable
distribution. And, once available, will try to make backports
available for Wheezy too.
Removing the OpenVAS 2 packages from testing simplifies handling
upgrades to the newer version and also installations of the backports
of OpenVAS 5 packages in Wheezy.
Please let me know if I should open up an RC bug against these
packages for this removal.
Thanks,
Javier
[1] http://www.openvas.org/news_archive.html#openvas5
[2] http://lists.wald.intevation.org/pipermail/openvas-announce/2011-June/000127.html
Reply to: