Re: Nessus to be removed from Debian, please switch to OpenVAS - possibly in Non-Free repositories?
2009/8/4 Joseph Abbotts <jabbotts@ismp-canada.org>:
> I'm all for having more tools to help settle my healthy paranoia but I'm not seeing the server package:
Because, as I said in my email, this is only available in Unstable.
Openvas-server did not get released with Debian lenny (stable) and, in
any case, Nessus will not be removed from the current stable, just
from unstable.
> Also, if upstream is not going to maintain it at all and the Debian package maintainer's time is then better spend helping with
> openVAS (if they so choose of course) then off it goes. It's just a heck of a heavyweight to drop completely. Between it's reports and
> importing the NBE into metasploit for exploit confirmation, it's a hard habit to give up. Any chance of seeing it in the Non-Free instead
>has upstream dropped it's upkeep completely? (Boo Nessus.. Wish they'd have kept to the FOSS lower, value added retail upper
> model)
Well, OpenVAS does generate NBE reports too, you might want to try it
out in combination with Metasploit. In any case, Nessus' upstream
already provides Debian (and Ubuntu) packages for the latest releases.
These cannot go into Debian's non-free as they do not provide any
source code we can build from (even with a non-free license) and the
project doesn't have any authorisation to redistribute the binary
blobs.
Regards
Javier
Reply to: