From: "Gayn Winters"
Reply-To: gayn.winters@bristolsystems.com
Date: Thu, 6 Oct 2005 09:04:27 -0700
Subject: Nessus no longer open source
X-BeenThere: freebsd-questions@freebsd.org

One of the highest rated open source security programs, nessus, will no longer be open source. Quoting from an email from Renaud Deraison to nessus-announce@lists.nessus.org,

"Nessus 3 will be available free of charge, including on the Windows platform, but will not be released under the GPL.

"Nessus 3 will be available for many platforms, but do understand that we won't be able to support every distribution / operating system available. I also understand that some free software advocates won't want to use a binary-only Nessus 3. This is why Nessus 2 will continue to be maintained and will stay under the GPL."

I'm not sure if Nessus 3 will be supported as a FreeBSD package.

Apparently the folks at Tenable feel that they have been supporting the open source community but have been getting little back in plug-ins and vulnerabilities and virtually nothing back on the scanning engine for over six years. In fact, they have been slowly tightening their licensing (cf. http://mail.nessus.org/pipermail/nessus/2005-January/msg00185.html), and it would appear that they can and will continue to tighten it over time.

Fyodor's analysis (http://seclists.org/lists/nmap-hackers/2005/Oct-Dec/0000.html) is that the open source community should take heed. He provides a list of ways to contribute to open source software projects. While the list is excellent, there are no new ideas in it.

The thing that seems germane to the FreeBSD community is that ports, even extremely popular ones, are vulnerable, since under the GPL the AUTHOR of the code is not bound by the same restrictions that the users are. I'm not a lawyer, but as I understand it, the author can create a derived work of something under the GPL and license the derived work (a "rewrite" in the case of nessus 3) and arbitrarily restrict it. Given Renaud's claim that no one contributed to the scanning engine, he seems to have every right to create a new and closed version of it.

The moral here, if there is one, is that if you really like a port, then you should contribute to it one way or another!

Comments?

-gayn