Renaud Deraison wrote:
> clearly can not do any good. Add to this that the scripts on the page
> are there for educational purposes, not really for installation purposes
> (as they are not corrected over the time)...
An incredibly easy mistake for anyone to make.
a) The web site until very recently suggested these were the
latest scripts.
b) The software that would appear to keep your nessus system
up to date (nessus-update-plugins) works off the text
equivalent of this page. (Or at least it did until recently.
This suggests this page WAS authoratative).
We noted recently the change on this page to say that it is
"for educational purposes only". This actually ADDS a Nessus
weakness. The ability to cleanly and easily update your test
environment (and know WHAT is being updated) is not available
(arguably never was, but the perception was there that it was).
If Mandy makes that mistake, I'll guarantee that users that
want to rely on using an up to date Nessus will also make
that mistake. The "keep-things-up-to-date" infrastructure
I suspect needs to be cleaned up a bit, even if its just
a case of deleting "nessus-update-plugins" (or changing
its behaviour).
Thomas
