One of the highest rated open source security programs, nessus, will no longer be open source. Quoting from an email from Renaud Deraison <[EMAIL PROTECTED]> to [EMAIL PROTECTED],
"Nessus 3 will be available free of charge, including on the Windows platform, but will not be released under the GPL. "Nessus 3 will be available for many platforms, but do understand that we won't be able to support every distribution / operating system available. I also understand that some free software advocates won't want to use a binary-only Nessus 3. This is why Nessus 2 will continue to be maintained and will stay under the GPL." I'm not sure if Nessus 3 will be supported as a FreeBSD package. Apparently the folks at Tenable feel that they have been supporting the open source community but have been getting little back in plug-ins and vulnerabilities and virtually nothing back on the scanning engine for over six years. In fact, they have been slowly tightening their licensing (cf. http://mail.nessus.org/pipermail/nessus/2005-January/msg00185.html), and it would appear that they can and will continue to tighten it over time. Fyodor's analysis (http://seclists.org/lists/nmap-hackers/2005/Oct-Dec/0000.html) is that the open source community should take heed. He provides a list of ways to contribute to open source software projects. While the list is excellent, there are no new ideas in it. The thing that seems germane to the FreeBSD community is that ports, even extremely popular ones, are vulnerable, since under the GPL the AUTHOR of the code is not bound by the same restrictions that the users are. I'm not a lawyer, but as I understand it, the author can create a derived work of something under the GPL and license the derived work (a "rewrite" in the case of nessus 3) and arbitrarily restrict it. Given Renaud's claim that no one contributed to the scanning engine, he seems to have every right to create a new and closed version of it. The moral here, if there is one, is that if you really like a port, then you should contribute to it one way or another! Comments? -gayn _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
