> > RPMFILES=               Nessus-3.0.4-suse10.0.${SUSE_ARCH}.rpm
> i don't understand, how could SUSE redistribute the binary package
> when the license agreement clearly prohibits them from doing so?

Sorry for the confusion.  This line is clearly wrong as well as misleading.

MASTER_SITES=           ${MASTER_SITE_SUSE100}

The binary is not available in suse, you must download it from
nessus.org after registering with them.

Are there existing packages (java?) that have a similar procedure of
manually downloading the distfile?

>
> or is that file the official one from Nessus?  it should not
> be called suse_nessus3 in that case.

It's an official build from Tenable Security (authors of nessus).
They have binary packages for several OS'.  However, NetBSD, is not
one of them.  I chose the suse 10 build because of the existing suse10
emulation built into netbsd and pkgsrc.

Would it be better for us to ask for a build for NetBSD and scrap the
os emulation?

> in any way, even that i use the software on a regular basis
> i am not going to import a package into pkgsrc unless it's
> clear whether we actually can do it without being sued.

provided what was just said, do you still think there is a legal risk to pkgsrc?


Thanks,
Jake