On Wednesday 31 Oct 2012 20:30:49 Reindl Harald wrote:
> nice - but the base of CentOS is stone old
> it is based on Fedora12/13
> until Fedora 15 openvas worked
> now we have fedora 17 and soon F18
>
> since HUNDREDS of packages are working well with
> the gnutls of recent distributions and only openVAS
> does not run since nearly a year it is pretty clear
> that openVAS is HORRIBLY broken
>
> WHY in the world was the switch to gnutls done instead
> use openssl which works since decades reliably?

I'm not going to comment on the specifics of the bug; there are more active developers than I who will be able to help, I'm sure. However, here are a couple of things to consider.

If you think that OpenSSL is perfect then I'd suggest you read randombit.net's cryptography list[1] (you'll actually find people on there recommending GNU TLS over OpenSSL in fact - although it's largely a matter of taste - both having their own deficiencies).

The reason OpenVAS uses GNU TLS is that to do otherwise would be against the license[2] under which OpenVAS is developed. In order to link against OpenSSL an exemption is required. This wasn't a problem when Tenable were releasing their own source and could grant themselves the exemption, but they never AFAIK explicitly stated that this was okay and indeed after closing the source (leading to the fork) made it clear that they wouldn't grant the exemption on their code to OpenVAS.

Tim

[1] http://lists.randombit.net/pipermail/cryptography/2012-October/003373.html
[2] http://lists.wald.intevation.org/pipermail/openvas-discuss/2006-May/000192.html
--
Tim Brown
<mailto:timb@openvas,org>
<http://www.openvas.org/>
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
