On Tue, 7 Dec 2004, Renaud Deraison wrote:

> - The first one, is that the current feed will only contain GPL plugins
> (ie: currently about 2,000 plugins). This means that the current
> command "nessus-update-plugins" will continue to work properly, but you
> will get less plugins than what you can get today, as (as many of you
> have noticed), plugins released by my company (Tenable) are *not* released
> under the GPL
What makes the difference between GPL and non-GPL plugins?

I can find 530 plugins containing "GPL" and/or "GNU" (this includes some false positives, no doubt).

2268 containing "Nessus Script Licence" in various spelling variations. Hmm...this must be some kind of red herring because I can't find a copy of this licence in any copy of Nessus I have. And this herring is a pretty old one because two of the plugins in this set are from December 2001. <g>

2363 plugins containing "licence" or "license".

Hundreds, perhaps thousands, of plugins, including many made by Tenable and many made by other parties, have no explicit licence, just a copyright notice. Most of them have been released in a tarball with a copy of GPL (and nothing else) in its top directory (nessus-plugins-*.tar.gz). Call me naive but I would expect you intended to release a file under GPL when you yourself put it into a tarball GPL'ed as a whole without any explicit licence notice. I find this situation rather confusing.

To make it even more interesting and confusing, a large part of Tenable scripts without an explicit licence notice is a result of a mechanical translation of 3rd party data (vendor advisories).

(Numbers based on all-2.0.tgz from Dec 4.)

> So there are three ways to update plugins now :
>
> - a GPL feed containing the plugins submitted by the community ;

A question: What happens when "the community" submits a fix or enhancement (esp. a substantial fix or enhancement) for a plugin made by Tenable?

In my humble opinion the answer to this question should be considered carefully because I think it would be rather unfortunate if the result was a *disincentive* to contribute fixes and enhancements to these plugins.

In my even more humble opinion, the things should be set up in a way discouraging parasitism on one hand while encouraging support of the project (both in the form of money and in the form of work) on the other hand.

An additional question: what happens when Tenable goes out of business? Will it take all its plugins to its grave? This might have been answered in their licence but I can't find it anywhere (even if you said "It will be made available to the general public later on today." on Wednesday...).

On Wed, 8 Dec 2004, Renaud Deraison wrote:

> As for the first part of your message, the current plugins _ARE_ brought
> down and used by anyone, but some usages (like reselling them on an
> appliance) are clearly unacceptable today already. If you are someone who
> happens to be re-distributing the plugins commercially, maybe you should
> have asked the copyright owner if you were allowed to do so.

Is downloading plugins on behalf of a customer, testing and reviewing them (finding various bugs during the processes and reporting them back to you, often with fixes), repackaging them (perhaps with the fixes) as, say, an RPM package (to make them installable using the same mechanism other updates are installed), and giving them to the customer, considered a commercial redistribution and prohibited without an explicit permission? If yes, what would one have to do to get the permission?

This is a tricky question because one could argue the money is not charged for the plugins themselves but for the service of serving them on a silver plate with a fresh cherry on the top. The boundary is pretty blurry esp. when this service is provided as a small component of a larger support contract. (Moreover, a significant part of the results of this work would be contributed back to the project if it was done the way I've just described.)

BTW: You said one running N>1 probes should get N activation codes, right? Does it mean I have to download new plugins N times using N different codes or can I download them once and distribute N copies internally?

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
