Hello, Jan and I have been thinking about discontinuing the release of openvas-plugins tarballs and distributing the plugins only through the existing Feed Services.
The background is that using both the tarball and the openvas-nvt-sync script does under certain conditions lead to a race condition in the plugin cache which causes openvasd to use an outdated cached version of a plugin even though the plugin has changed in the feed. We have tried to compensate for this by making adjustments in the synchronization script, but this has the side effect of disproportionately increasing the time and bandwidth needed to synchronize with the feed. I would like your opinions regarding the following issues: - What would be the consequences of discontinuing the tarball release? There should not be installations which use only the tarball and never sync, should there? - What mechanisms should be available for users who cannot sync using rsync due to restrictions on firewall or proxy level? - Should openvasd force an initial sync during installation or just display a notice that a sync is need to use OpenVAS? - Any other issues you can think of. :) I'm looking forward to your opinions. Please do not hesitate to ask if my proposal does not make sense to you. I am crossposting this to openvas-discuss and openvas-plugins as well to reach all involved parties. Please keep crossposting to a minimum in your replies and try to reply in openvas-devel. Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgpuDs27QLuNt.pgp
Description: PGP signature
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
