Subject: Re: nessus3 package + handling binary only packages.
To: Jake Kupersmith <>
From: Lubomir Sedlacik <>
List: tech-pkg
Date: 11/15/2006 22:34:48
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


On Wed, Nov 15, 2006 at 02:09:02PM -0500, Jake Kupersmith wrote:
> There is no nessus3 package in pkgsrc.. probably due to
> the fast they changed the license and you can only
> download binaries of nessus3...
> I have created a package 'suse100_nessus3'  which uses the
> suse 10 emulation packages.  The package builds and
> installs cleanly, it just needs to be modified for the
> proprietary license / manual binary download.
> Can I send this package upstream to someone to add to the
> cvs tree?  Can someone give me an example of what changes
> are needed before being added?
> ...
> root@shake {22} /usr/pkgsrc/cox
> # cat suse100_nessus3/Makefile.i386
> # $Id: Makefile.i386,v 1.1 2006/11/10 01:32:39 jkupersm Exp $
> RPMFILES=3D               Nessus-3.0.4-suse10.0.${SUSE_ARCH}.rpm

i don't understand, how could SUSE redistribute the binary package
when the license agreement clearly prohibits them from doing so?

"5. No Reverse Engineering, Other Restrictions.
 You may not directly or indirectly: (i) sell,
 lease, redistribute or transfer any of the
 Software on a stand-alone basis; (ii) decompile,
 disassemble, reverse engineer, or otherwise
 attempt to derive, obtain or modify the source
 code of the Software; (iii) reproduce, modify,
 translate or create derivative works of all or
 part any of the Software; (iv) rent, lease or
 loan the Software in any form to any third party
 or otherwise allow a third party to use the
 Software; or (v) remove, alter or obscure any
 proprietary notice, labels, or marks on the
 Software.  You may not sublicense any of the
 rights granted to You in this Agreement.  You may
 not distribute or otherwise provide Software to
 third parties.  You are responsible for all use
 of the Software and for compliance with this
 Agreement; any breach by You or any user using
 the Software on Your behalf shall be deemed to
 have been made by You."

IANAL, but "You may not distribute or otherwise provide
Software to third parties." sounds like it _might_ possibly
apply to pkgsrc as well.

or is that file the official one from Nessus?  it should not
be called suse_nessus3 in that case.

in any way, even that i use the software on a regular basis
i am not going to import a package into pkgsrc unless it's
clear whether we actually can do it without being sued.


-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.5 (NetBSD)