Taras,
Please read inline,
On Wed, Feb 8, 2012 at 11:27 AM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> Let's take a look on common case - installation of w3af on Debian
> (current stable 6.0 Squeeze) or even Ubuntu.
>
> 1. svn export trunk version of w3af
> 2. ./w3af_console ...see absent dependencies
> 3. Ok, sudo aptitude install python-nltk python-soappy python-pyopenssl
> python-lxml python-svn python-scapy
> 4. Try ./w3af_console again. See absent nltk module and there is no such
> module in Debian repository which is the most big repository among Linux
> distros. Same case with pybloomfiltermmap.
Ok,
> What I want to say is do we plan to reduce hard dependencies for w3af
> and make possible to use w3af on every Linux distro without installing a
> really big number of dependencies?
No, we don't really have a plan for that.
> Especially those dependencies which
> can't be installed on distro native way (apt/yum/...).
Maybe the solution is to invest in creating an deb package for the
missing dependencies?
> Yes, I know that
> there are a lot of really useful Python 3rd party modules but
> I have a lot of life examples when people said "Hmm, I don't want to
> install such big number dependencies and especially not from official
> repository to run this scanner".
>
> What do you think about it?
We're always going to have people that think that *something* is
wrong, sadly, that group is much bigger than the group that sees and
issue and tries to fix it.
This problem, IMHO, is not in out Top50 priorities. We've got a
ton of things to work on before thinking about some guys that complain
about the installation process because "not everything is in APT". I
would hate to see an installation process that's difficult and doesn't
work, but in our case it has improved a lot and works (almost in every
linux distribution I've heard).
Some bad things I see in our installation process is that our code
is focused on guiding the users of Debian based distributions; which I
see as incomplete and useless for people running the installation in
RedHat/Fedora based distributions. Maybe there is an effort to be made
there? (detect distribution and show dependencies and commands
accordingly)
In the future I see the amount of dependencies slowly growing once
again, for example, we'll need *some library* to support javascript
web applications, and that library will have other dependencies too.
Also, one question, what do you mean by "hard dependencies" ? Do
you want to move some to "optional" ?
Regards,
> --
> Taras
> http://oxdef.info
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
