I'll also bite :-)
(i'll bite to that, even though we're going off-topic, mainly because Nessus-on-Debian comes to light regularly)
Ok. No you have two scenarios:
On Tue, Mar 04, 2003 at 09:20:55AM -0800, Anne Carasik wrote:
Renaud Deraison grabbed a keyboard and typed...
On Tue, Mar 04, 2003 at 09:12:35AM -0800, Anne Carasik wrote:
# apt-get install nessus*
You'll end up with Nessus 1.0.x if you do that. Until Nessus 2.0 is in their "stable" apt repository (or whatever the name is), I won't recommend debian (except if you want to live in 1998 again).
I use unstable. You're talking about only using the stable distribution.
I'm talking about using the _default_ setup of the distribution. I think this is what a lot of Debian advocates fail to understand - believe it or not, not everyone enjoys tweaking his system now and then to install package from stable and from unstable. If you need to change a single line to your apt-get.conf to install a post-1998 version of Nessus on debian, then you're not using the default OS but a tweaked version.
a) RedHat: no Nessus at all b) any other distribution (Debian, Mandrake, SuSE): old versions of Nessus c) FreeBSD, OpenBSD: ports system
Now, how does it differ to
a) install from scratch, take care of having development libraries installed
b) upgrade to a new release
c) compile for your system (not much difference with a) if the product is done properly)
This mostly is why I do not recommand using Debian - people who want to have fun with their OS might like it, people who simply want to put their OS to work will run Nessus 1.0.x because of their poor (not to say stupid) policy of reasoning in terms of distribution and not of packages. (and this is why I like FreeBSD)
I would expect that somebody that wants to use Nessus will take more time to configure/tune his OS. For one thing, he needs to grab nmap (and he also wants the latest release to have accurate OS fingerprinting). At least, from the informal poll done in this list it show that there are no people running Nessus 1.0.x with Debian 3.0, most of them have found a supported upgrade path to newer Nessus releases. Either taking the packages and compiling them (equivalent to the port system) or taking non-official 2.0.x packages (backported to stable) or upgrading their whole system [1] to unstable/testing [2]
In any case, the policy you call poor and/or stupid is the same for Debian, Mandrake or SuSE. Debian has slower release cycles, that's all. It's also a volunteer-based distribution.
I would also like to see the kind of support a guy running Nessus from the ports system in FreeBSD or installing it on RedHat would get from either one (I suspect close to 0, i.e. you're on your own).
So, while I do see your point and I would also like to have faster Debian release cycles, I don't arguments for bashing Debian vs. RedHat or FreeBSD. In any case, I don't suspect we will get to an agreement here.
Regards
Javi
[1] People do it for more reasons than just having Nessus. For example, to have the latest GNOME or KDE desktop.
[2] Notice that the version in testing is also 1.0.x due to a glibc bug holding, not only Nessus, but quite a number of packages from migrating from unstable to testing.
