-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
package naming issue for official linux maintainers/developers #197
Comments
I've written some explanations and details about our components last week here https://community.greenbone.net/t/is-openvas-manager-and-gvmd-the-same/1777 Maybe that helps to understand what's going on at our side. |
Let me know if this thread already clarifies most issues or if you need additional info. Thanks a lot for opening this issue and getting in touch! |
Thank you @bjoernricks https://community.greenbone.net/t/is-openvas-manager-and-gvmd-the-same/1777
So all components renamed expect openvas-scanner. Sorry but this is so weird.Everywhere, i mean in every linux distro your components known by this name "openvas-libraries" | "openvas-manager" etc. Could you correct me for any misunderstanding? After now the main public name of this project is "GVM" instead of "OpenVAS" and all your components name changed according to below table? Main Name:
Components Names:
|
Greenbone had real issues with not being visible as the company behind OpenVAS in the past. Therefore the name changes had become necessary. AFAIK debian has Replaces and Provides exactly for these process. We are not the first project changing its name.
As I wrote before I would consider gvm-libs as a new component that replaces openvas-libraries. We use gvm-libs as the new name.
Exactly.
Exactly.
To be 100% correct gsa has two parts with GVM 10. The web page written in react which we call gsa (greenbone security assistant) now and the gsad which is the http daemon that maps http calls to GMP and can provide the static content files. In OpenVAS 9 gsad did generate all pages and the dynamic content. Personally I don't see a difference if you would still call the package greenbone-security-assistant.
openvas-cli is abandoned. It was written in C and isn't developed anymore. gvm-tools is a replacement tool written in python 3. Both have nothing in common besides providing cli tools and talking the GMP/OMP protocol. |
Some additional info about the architecture can be found here https://community.greenbone.net/t/about-gvm-architecture/1231 |
@bjoernricks : |
plus @fcolista This structure will make your community edition name (know as OpenVAS for years) completely out of sync in package managers for all linux distros. If i bump your next stable version named as gvm-10 and change all component names like "gvmd" | "gvm-libs" how people reach that? Who knows gvm? Please believe me it will take ages to people understand your name changed and your name synced with all linux distros.Your biggest success is a name openvas which synced with linux world.This is not simple thing. @bjoernricks Is there any legal issue from your side, if we continue to use old naming structure for your next stables but in package description we honour the greenbone ? |
I will chime in with some history information, as best as I know/remember. Viewing this from a licensing/copyright perspective might help. I am not a lawyer though ;) OpenVAS project started with openvas-scanner and openvas-libraries (and openvas-client which is abandonware.) This part of the codebase was mostly GPLv2-only (inherited from Nessus, which went proprietary.) and can't for example link against new Samba versions due to its GPLv3 license (thus the usage of openvas-smb fork and Impacket tool at the moment.) All the new code that is developed by Greenbone is GPLv2+ afaict, this includes openvas-manager/gvmd, greenbone-security-assistant, new files in openvas-scanner and openvas-libraries etc,. Over the years, openvas-libraries accumulated new GPLv2+ code, along the old GPLv2 non-Greenbone code. With this new release, the old parts (misc/ and nasl/ in openvas-libraries) were moved to openvas-scanner, while new parts that are written by Greenbone (+ new features, bug fixes, cleanup's etc,.) are now known as gvm-libs. Now we have: New parts (gvm-libs, gvmd, gsa, gvm-tools...): GPLv2+. All were developed from scratch by Greenbone. |
Hi everybody,
As I understood this look like this in the future:
What will happen with openvas-cli? I can't find a repository for it in your github organisation. Is this project still work in progress and/or necessary for the greenbone-security-scanner or should I ship greenbone-tools (gvm-tools) instead. And what do you guys prefer as package names? The full name like @fcolista I agree with you. It would be much nicer if we could rename |
This could be interesting for my Co-Maintainer @anthraxx as well. |
You can find their current naming structure below which @bjoernricks approved. It is still not clear for me that can we decide our prefered package names for this project without any legal issue? But in any condition we all have to be synced about package names.I agree that "gvm, gvmd etc. will be too short and looks too random" It seems there is no more project named "OpenVAS" and now official name is "GVM". But below namings certainly will make users confused.
|
Basically this should be a detailed (not official) overview. I have marked the package names TBD which can be filled in once a consent have been found. Please correct me if anything in this table below is not correct. For the "old package name" i had chosen the naming scheme from Debian, not sure if other Distributions like Arch are currently using a different name. Please let me know if this is the case.
There are a few components like the following which i havn't mentioned yet: |
Personally for me it doesn't matter if the packages are using the abbreviated names like our github repos e.g. gvm-libs or long names like greenbone-vulnerability-management-libraries. I've seen a lot of different package names already. So from my side the packagers are free to use whatever name fits best for them. Greenbone had to experience that the project umbrella name OpenVAS creates a lot of headaches and issues with customers. Therefore the decision was taken to rename OpenVAS to GVM for the next release and already to talk about GVM instead of OpenVAS. |
Hi, I would like to let you know that after we got your feedback and had an intensive internal discussion we decided to release gvm-libs with version 10.0 instead of 1.0. Hopefully this addresses the major issue with openvas-libraries and gvm-libs for you. |
Thanks.
|
@ all: Keep in mind that the transition from openvasmd 7.0 to gvmd 8.0 needs some migrations steps for existing installations / setups as outlined in https://github.com/greenbone/gvmd/blob/v8.0.0/INSTALL.md#migrating-to-version-80 |
Thanks @bjoernricks @cfi-gb ! @fcolista i see that you have pushed latest components.Congrats to Alpine Linux.
What is your main package name in Alpine.It seems /etc/openvas is now /etc/gvm I could not find that in repology.org. |
@hsntgm in Alpine the packages are: |
Feel free to use & develop it for Alpine. |
@cfi-gb Thanks for tagging me, I'm going to work on new version of the packages these days. |
We are collecting hints for installation changes here https://community.greenbone.net/t/hints-for-migration-to-gvm-10/1971 Please let us know if something is missing. I am going update the topic with fresh info for the others. |
Btw. the current GSA release tarball for 8.0.0 seems to be defect: greenbone/gsa#1258 I've already fixed the issue in the gsa-8.0 branch. A quick patch would be to just out-comment the failing include or to create an empty |
I have a problem with GSA. Gentoo is source-based distribution.I need precompiled npm stuff for greenbone-security-assistant (complete release tarball ).In gentoo it is not allowed to fetch npm stuff in compile time.It is also not possible to fetch all stuff in package.json manually.There are lots of packages. I am not familiar with node & npm & react.Any suggest are welcome otherwise i am not able to bump GVM-10 for gentoo. |
@hsntgm This is currently discussed in a separate issue within the GSA repository: greenbone/gsa#1261 |
@mrazavi64 FYI: #197 (comment) as it seems https://launchpad.net/~mrazavi/+archive/ubuntu/gvm using a |
I am not familiar how packaging nodejs dependencies is handled in distributions. So I am relying on downstream for a possible solution of this problem. |
@cfi-gb Thanks for your comment, I'm going to rename it back to |
Renamed GVM 10 packages are available in atomic now for EL7 and FC29, the other distros are coming up soon. We went with: greenbone-vulnerability-manager (formerly openvas, our loader package for the whole suite) |
This could introduce some confusion for the following reason (because of the naming decision to go for GVM and GVMd which are differently): GVM = Greenbone Vulnerability Management (The projects "main" name, including e.g. openvas-scanner, gvmd, gvm-libs, ...) |
great to have that discussion and all your input, as i'm currently in the midst of packaging the new versions for fedora. and one last question: what happens to www.openvas.org? |
For new release (GVM), i updated openvas.org to greenbone.net when packaging for gentoo. Also licences are updated to GPL-2+ for all new components.Only openvas-scanner has mixed GPL-2 & GPL-2+. I am still waiting for 'greenbone-security-assistant 8.0.0' to be ready for source-based distros.I think all source-based distro's maintainers including arch one are waiting this too. |
Hi GVM maintainers & Greenbone Team & Users, This is the wiki page that i made for gentoo linux. Feel free to update it for newer gvm-11 if you have time. Also all feedbacks are welcome from upstream for missed informations. Gentoo wiki --> https://wiki.gentoo.org/wiki/Greenbone_Vulnerability_Management @hsntgm |
Could you change that sentence? Some history background. After the fork from nessus which as called Open Vulnerability Assessment System (OpenVAS) there was only the scanner. Greenbone did add several components in the meanwhile but wasn't very visible. Therefore we decided to rename the "suite" to GVM and use OpenVAS for the scanner only. Therefore OpenVAS became an acronym for Open Vulnerability Assessment Scanner now. |
Btw. I would love to establish a communication channel between the packagers from distributions and Greenbone. At https://community.greenbone.net/ we are getting ask a lot of questions which are distribution specific or already fixed but not packaged yet. |
@bjoernricks I was swamped with work, so I just started to package the new version of "openvas" in Debian. I noticed that "openvas-scanner" renamed as "openvas", which causes the conflict issue in Debian, because we already have a "openvas" package [1] which is a dummy package and aims to install all components of "openvas." I think one of the solution to minimize the impact is to add an alias name "openvas-scanner" to "openvas" What do you think? |
I thought I already wrote something about that but can't find it. For me it would completely fine to stay with openvas-scanner as the package name for http://github.com/greenbone/openvas because it is still the scanner component. |
#189
@bjoernricks
I confirm that there is definitely misunderstanding about openvas-libraries vs gvm-libs from our side.
ping for issue -->
@fcolista for Alpine
@shibumi, @anthraxx, @GIJack for Arch
@hsntgm for Gentoo
@rhertzog, @szlin for Debian
@sbrun for Kali
@atomicturtle for the Atomic repo
@mrazavi64 for the ~mrazavi PPAs
@tgurr ?
@cheese1 for Fedora
While bumping your next stable version the below information will create confusion for package maintainers/developers.
Could you clearly/officially confirm/explain your all package names for your next stables?
Best Regards,
Edit
The text was updated successfully, but these errors were encountered: