Package: release.debian.org Version: N/A Priority: grave Tags: rm I would like to request the Release Managers to remove *all* of the OpenVAS 2.x packages from the current testing distribution. This includes the following packages: - libopenvas2 / libopenvas2-dev (version 2.0.4-2.1) - libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1) - openvas-client (version 2.0.5-1.1) - openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2) - openvas-server / openvas-server-dev (version 2.0.3-6) In addition, please also remove the following package: - harden-remoteaudit: it depends on openvas-server (I have sent a bug to the package to update this dependency) Support for OpenVAS 2 was discontinued last year [2]. Providing OpenVAS 2 to our Debian 'stable' users in our upcoming release is not really a good idea. Even though the scanner/client works 'as it is', users will not be able to download new plugins for this release from the OpenVAs servers and it will not be possible for them to find "recent" vulnerabilities in hosts they scan. For the last 2 years I have provided experimental versions of OpenVAS 3, which seem to have not received to much attention from users. In any case since that version is also going to be discontinued upstream. Since the latest OpenVAS release is version 5 [1] (released May this year) I will work towards providing OpenVAS 5 in our unstable distribution. And, once available, will try to make backports available for Wheezy too. Removing the OpenVAS 2 packages from testing simplifies handling upgrades to the newer version and also installations of the backports of OpenVAS 5 packages in Wheezy. Regards Javier
Attachment:
signature.asc
Description: Digital signature