On Thursday 05 June 2008 00:51:26 Thomas Reinke wrote: > I like the idea of having a separate root OID for Debian local > scripts. That would allow us to auto-generate the OID > when we contribute the script, while avoiding conflicting > IDs. Otherwise, you're going to be regularly taking > stuff we contribute and manually re-working the IDs of > each script we contribute to avoid any potential conflicts. > > While OpenVAS should control the numbering scheme, you > probably want to have contributors doing the actual > numbering for you as much as possible.
Indeed, OpenVAS would act as a registry allocating OIDs much in the same way that CVEs are allocated. Root OIDs could be allocated to known organisations, for example a root OID for DSA generated plugins, a root OID for MSxx-xxx etc. For one off blocks, a specific OID could be allocated dependent on the class of vulnerability being checked. Moreover, there would be nothing to stop other vendors from registering their own root OIDs. Hell, Tenable could even adopt the change, and have their own root OID for their commercial plugins if they thought the change was beneficial. Tim -- Tim Brown <mailto:[EMAIL PROTECTED]> <http://www.nth-dimension.org.uk/> _______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
