RE: Nessus to be removed from Debian, please switch to OpenVAS - possibly in Non-Free repositories?
Thanks Javier, Gerardo,
Read too fast before running off to the server room for the morning's
tasks. Will get them into my machine now that I know where to find them.
-----Original Message-----
From: javifs@gmail.com [mailto:javifs@gmail.com] On Behalf Of Javier
Fernandez-Sanguino
Sent: Tuesday, August 04, 2009 8:51 AM
To: Joseph Abbotts
Cc: debian-security@lists.debian.org
Subject: Re: Nessus to be removed from Debian, please switch to OpenVAS
- possibly in Non-Free repositories?
2009/8/4 Joseph Abbotts <jabbotts@ismp-canada.org>:
> I'm all for having more tools to help settle my healthy paranoia but
I'm not seeing the server package:
Because, as I said in my email, this is only available in Unstable.
Openvas-server did not get released with Debian lenny (stable) and, in
any case, Nessus will not be removed from the current stable, just from
unstable.
> Also, if upstream is not going to maintain it at all and the Debian
>package maintainer's time is then better spend helping with openVAS
>(if they so choose of course) then off it goes. It's just a heck of a
>heavyweight to drop completely. Between it's reports and importing the
>NBE into metasploit for exploit confirmation, it's a hard habit to give
>up. Any chance of seeing it in the Non-Free instead has upstream
>dropped it's upkeep completely? (Boo Nessus.. Wish they'd have kept to
>the FOSS lower, value added retail upper
> model)
Well, OpenVAS does generate NBE reports too, you might want to try it
out in combination with Metasploit. In any case, Nessus' upstream
already provides Debian (and Ubuntu) packages for the latest releases.
These cannot go into Debian's non-free as they do not provide any source
code we can build from (even with a non-free license) and the project
doesn't have any authorisation to redistribute the binary blobs.
Regards
Javier
Reply to: