Taras,
On Thu, Jan 30, 2014 at 4:08 AM, Taras <ox...@oxdef.info> wrote:
> Andres,
>
> Thanks for description of the reason. There are at least two issues with such
> requirements:
>
> 1. It makes impossible to package&install w3af, e.g. into deb package, doesn't
> it?
That's a good question, I'm not packaging expert but I suppose there
is a solution? Also I suppose that this was an issue in the past,
without the specific version requirement? Lets follow this timeline:
* (assume) w3af is packaged in debian. Requires extra package
python-pdfminer-v1. No check for specific version of any pip package.
* foo is another debian package. Requires extra package python-pdfminer-v2
* User installs w3af: apt-get install w3af
* Run w3af, it works
* User installs foo: apt-get install foo
- Command will warn that it will break the w3af install? (not
sure, not a packaging expert)
- Command will succeed and replace python-pdfminer-v1 with
python-pdfminer-v2
* Run foo, it works
* Run w3af, it fails because now python-pdfminer-v2, which changes
the API is installed
> 2. If w3af requires 3rd party A version 1 and another application on the
> system also requires 3rd party A but version 1.1, how it will be solved by the
> user?
First, lets understand that this was an issue in the past too, right?
You can always use virtualenv:
$ virtualenv w3af-venv
$ . w3af-venv/bin/activate
(w3af-venv)$ cd w3af-repo
(w3af-venv)/w3af-repo$ ./w3af_console
(w3af-venv)/w3af-repo$ pip install ...
All the packages are installed inside the w3af-venv directory, and
while your prompt says "w3af-venv" you're using that specific python
Regards,
>
> В письме от 29 января 2014 19:03:23 пользователь Andres Riancho написал:
>> Taras,
>>
>> Added that because it is the best thing to do. Search the mailing
>> list for the issue we had with pdfminer, what happen there was:
>> * w3af had a requirement for pdfminer, any version
>> * w3af worked without issues with version 1 of that library
>> * The pdfminer developers released version 2 of that library
>> * People trying to install w3af, and because the requirement
>> didn't had any specific version installed pdfminer like "pip install
>> pdfminer"
>> * w3af stopped working because pdfminer changed its API, and
>> one of the functions we were calling wasn't there anymore
>> * Fix> Add specific version matching for pip packages
>>
>> On Wed, Jan 29, 2014 at 5:46 PM, Taras <ox...@oxdef.info> wrote:
>> > I was wrong...I have working **master** branch :(
>> >
>> > Andres, why did you add requirement for **exact** match of versions in
>> > 'feature/module' branch?
>> >
>> > $ grep -B5 'version matches'
>> > w3af/core/controllers/dependency_check/dependency_check.py
>> >
>> > for w3af_req in pip_packages:
>> > if USE_PIP_MODULE:
>> > dependency_specs = w3af_req.package_name,
>> > w3af_req.package_version
>> >
>> > for dist in pip_distributions:
>> > if (dist.project_name, dist.version) == dependency_specs:
>> > # It's installed and the version matches!
>> >
>> > ...
>> >
>> > В письме от 26 января 2014 14:39:14 пользователь Taras написал:
>> >> Israel, I have working "feature/module" version of w3af on 13.10
>> >> What problems do you have?
>> >>
>> >> В письме от 22 января 2014 21:53:48 пользователь Andres Riancho написал:
>> >> > Israel,
>> >> >
>> >> > Haven't tried with that specific version, but what's wrong with:
>> >> > git clone g...@github.com:andresriancho/w3af.git
>> >> > cd w3af
>> >> > git checkout feature/module
>> >> > ./w3af_console
>> >> >
>> >> > On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan
>> >> >
>> >> > <israelzero...@gmail.com> wrote:
>> >> > > Hi, does anyone have a working way to install W3af on 13.10?
>> >> > > --
>> >> > > Israel
>> >> > >
>> >> > > ---------------------------------------------------------------------
>> >> > > ---
>> >> > > --
>> >> > > ---- CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> >> > > Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> >> > > Critical Workloads, Development Environments & Everything In Between.
>> >> > > Get a Quote or Start a Free Trial Today.
>> >> > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg
>> >> > > .cl
>> >> > > kt
>> >> > > rk _______________________________________________
>> >> > > W3af-develop mailing list
>> >> > > W3af-develop@lists.sourceforge.net
>> >> > > https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >
>> > --
>> > Taras
>> > https://www.oxdef.info
>
> --
> Taras
> https://www.oxdef.info
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
