On Tue, 2005-10-11 at 15:23 -0400, Mercer, Jeff wrote:
> It's certainly not been a topic every single day, but Renaud has brought up
> the issue of Nessus contributions more than once.
>

It had reached the point where he thought it best to remove any chance of anyone helping, but didn't think it wise to make a last plea for help? Closing source doesn't solve this problem; all it has done is divide Nessus into effectively 3 (at minimum) projects. This hasn't solved the problem of contribution, it's just created more products - requiring yet more contributors.

> >The decision was made by Tenable, apparently without consulting the
> >people they wanted to help them. Shouldn't the first step have been
> >to ask for help if help was what was required ?
>
> a) If it's an open source project, there's nothing to stop folks from
> volunteering.

Patch acceptance stops them, some OSS projects don't accept them - try getting a patch accepted for XScreensaver for example. I'm not saying Nessus doesn't accept patches, just that if they *want* them they have to ask for them. If it gets to the point where closing source is a consideration it's a good idea to discuss it openly, open discussion is another way of inviting contributors.

>
> b) Per the point I was making, Renaud has been the primary contributor to
> the Nessus project. This is not at all unusual, most open source projects
> have a tiny number of major contributors. Even Firefox is the work of only a
> small core group
>
> c) Renaud has said in his recent messages to this list that the main reason
> for not open sourcing Nessus3 is there's been no significant contributions to
> the project

Indeed, however closing source makes no difference to this problem as it decreases the potential for contributions, you have the same people working on it, but fewer people *able* to work on it. This hasn't solved any problems and I don't see it as a valid reason to close source. I'm not disagreeing with Tenable's decision - that is theirs to make, I just don't see this point as a valid reason for taking the decision.

> AND they are tired of supporting their competition which unethically
> uses Nessus without acknowledging such.
>

Again closing source doesn't solve this. The competition don't use the source generally they use binaries - they may build from source but they rarely edit it. They can still use the closed source binaries. Only thing stopping them is the license, the license could have changed to accommodate this desire without the source closing. Again, closing source is irrelevant to this point.

> >You'll notice that there are now a couple of groups considering forking
> >the code, because they feel it's important to them.
>
> And that's fine with me.

Yeah, me too.

>
> >They *might* have contributed rather than forking if this had been
> >requested of them.
>
> You've just proved my original point. Folks were too lazy to contribute as
> long as someone else (i.e. Renaud) was doing all the work. Now that he's not
> going to contribute to the GPL Nessus anymore, they are forced to get up and
> do some work.

The threat of closing source may have had the same impact, but this wasn't attempted. Which was my point.

> Or are you saying people are incapable of volunteering without constant
> harassment?

No, I'm saying that it helps.

> It's about the Tenable business model, not lack of contributions.

Above you said it was because of lack of contributions AND (emphasis yours) because of their business model. Business is the valid reason behind this, Tenable believe that they will have an edge in the market if they keep their work in house. This makes a lot of sense in the current marketplace and is the only valid reason they have given for closing source. However, lack of contributions and the fact that competitors bundle Nessus in their offerings isn't fixed by closing the source.

> Tenable is a company that makes money off of appliances that use Nessus. So
> they hire programmers to work on Nessus. They've decided to write a bunch of
> proprietary code and create a new version of Nessus and not GPL it. In other
> words, the code has ALREADY FORKED.

I do understand how forking works and I know they have forked the code, all I have said is that this doesn't solve the issue Tenable have mentioned. In fact it's made it worse as now no one can contribute to Nessus 3 outside Tenable and Nessus 2 will have less work done than it has benefited from in the past.

> It's not a big deal, because no one can rightfully say that Renaud or others
> at Tenable are obligated to continue to contribute to Nessus. What would
> have happened if Renaud just quit writing code and decided to become a tree
> surgeon, and Tenable went out of business? Nessus would be in about the same
> state it's going to be in now...

I don't believe I have said anything like that. All I said is that these reasons for closing source don't add up. The only one that does is that they will have an edge if they create a superior product and are the only ones that know how it works, (even that is slightly debatable as they had a similar edge being the biggest contributors). This is purely a business move. People will contribute less to Nessus as it has now forked into at least 3 projects, the skills are more widely spread and competitors can still bundle Nessus if they like, as long as they don't mind ignoring the license.

Lack of contributions and the fact that people use the software without giving credit are not valid reasons to close the source - because closing source doesn't solve them. It makes it *seem* like Nessus are "going home and taking their ball with them". The statement puts blame on other people, i.e. those that used the product without giving back, which is not an admirable way to treat users of your software - even if they are the competition they are still users.

Tenable have the right to do with their copyright as they wish, but making it appear as if their decisions are based on the faults of other people, worse *their users*, is not an admirable thing to do. I would have had more respect for the decision, as someone who relies on Nessus, if they had the honesty to say that it was purely business and nothing personal.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
