On Tuesday 25 August 2009 14:06:06 Chandrashekhar B wrote:
> >> I think all discovered information should be in the report, so
> >> security_note() is appropriate in this case. log_message() should only
> >> be used to log information such as plugins' inability to perform
> >> something, error messages etc.
> >>
> >> The discovered information is always useful to analyze the effectiveness
> >> of the report, not everyone looks at logs.
> >
> > I agree in principle.
> >
> > But yet again: Should the NVTs that do collect information
> > into the KB report on their own Security-level message? Isn't it a better
> > design to have other scripts report on such information?
>
> security_warning/security_hole is generally used for reporting
> vulnerabilities and security_note is always used to dump some info which is
> generally useful to assess the report. I don't think there are Plugins that
> use security_note to report vulnerabilities.

We had a pretty long chat about this on IRC today
(http://www.linux.hr/openvas/archive/index.php?d=2009-08-25 starts at about
14:00)... the upshot is that I'm going to work on a draft CR for this...
Mostly because if we're going to make a change, I'm interested in seeing it
done right.

Tim
-- 
Tim Brown
<http://www.openvas.org/>
