Comments below...

On 8/23/05, Ron Gula <[EMAIL PROTECTED]> wrote:
> > I love the answer you gave the person bringing up one of those pesky
> > license questions. Damn people who want to follow the rules! I would
> > also question the line in the license. Does this really mean you can't
> > use the Debian packages? I doubt it, but it should be clarified.
>
> The Tenable direct and registered plugins are for use, only with Nessus
> daemons you've downloaded from nessus.org as either binary or source. If
> you've gotten your Nessus daemon from a vendor who has put Nessus into
> their product, another UNIX distro, etc., the plugins are not for those
> distributions, and the GPL plugins are what you should use.

Let me start by saying that I understand that Tenable has the right to use whatever license they want for the software they produce. It's much better that they use the current license than a strictly commercial one. However, I think that the current license has some problems that adversely affect legitimate users (who want to follow the rules, as Kevin pointed out).

I understand what Tenable is trying to do (prevent other companies who sell appliances, etc., from making money off their hard work) and I agree with that. I don't agree that users who want to install Nessus from packages should be restricted from using the Tenable plugins.

Perhaps the wording of the license could be changed to either specifically allow the use of "operating system packaging systems" or allow everything except "vulnerability scanning appliances commercially purchased or leased from a company other than Tenable".

Finally, I am not a lawyer, but from what I have read it is uncertain if this is an enforceable license restriction. See the EFF's comments on End User License Agreements at http://www.eff.org/wp/eula.php, specifically section 4 ("Do not use this product with other vendor's products.").

> > How about the CPAN modules that let you run Nessus plug ins from perl
> > programs?
>
> I'm not familiar with that implementation. I did see a CPAN module that
> allowed parsing of Nessus plugins. Either way, execution of the Tenable
> direct or registered feeds is only for daemons obtained from nessus.org.

I think that Kevin was referring to Net::Nessus::Client or Net::Nessus::ScanLite, both of which do essentially the same thing. They act as a client and connect to a Nessus server. I would think that these (and other clients such as inprotect and Sensepost's BiDiBlah) are allowed under the current license (when used with a server from nessus.org) since the license only restricts what server can be used.

Chuck
