
RE: followup Qs on license changes

Subject: RE: followup Qs on license changes
Date: Wed, 12 Oct 2005 10:08:11 +0100
On Tue, 2005-10-11 at 15:23 -0400, Mercer, Jeff wrote:
It's certainly not been a topic every single day, but Renaud has brought up
the issue of Nessus contributions more than once.


It had reached the point where he thought it best to remove any chance
of anyone helping, but didn't think it wise to make a last plea for
help ? Closing source doesn't solve this problem all it has done is
divide Nessus into effectively 3 (at minimum) projects. This hasn't
solved the problem of contribution, it's just created more products -
requiring yet more contributors.

The decision was made by Tenable, apparently without consulting the
people they wanted to help them. Shouldn't the first step have been
to ask for help if help was what was required ?

a) If it's an open source project, there's nothing to stop folks from
volunteering.

Patch acceptance stops them, some OSS projects don't accept them - try
getting a patch accepted for XScreensaver for example. I'm not saying
Nessus doesn't accept patches, just that if they *want* them they have
to ask for them. If it gets to the point where closing source is a
consideration it's a good idea to discuss it openly, open discussion is
another way of inviting contributors.


b) Per the point I was making, Renaud has been the primary contributor to
the Nessus project. This is not at all unusual, most open source projects
have a tiny number of major contributors. Even Firefox is the work of only a
small core group


c) Renaud has said in his recent messages to this list that the main reason
   for not open sourcing Nessus3 is there's been no significant contributions
   to the project

Indeed, however closing source makes no difference to this problem as
it decreases the potential for contributions, you have the same people
working on it, but less people *able* to work on it. This hasn't solved
any problems and I don't see it as a valid reason to close source. I'm
not disagreeing with Tenable's decision - that is theirs to make, I just
don't see this point as a valid reason for taking the decision.

   AND they are tired of supporting their competition which unethically
   uses Nessus without acknowledging such.


Again closing source doesn't solve this. The competition don't use the
source generally they use binaries - they may build from source but
they rarely edit it. They can still use the closed source binaries.
Only thing stopping them is the license, the license could have changed
to accommodate this desire without the source closing. Again closing
source irrelevant to this point.

You'll notice that there are now a couple of groups considering forking
the code, because they feel it's important to them.

And that's fine with me.

Yeh me too. 


They *might* have contributed rather than forking if this had been
requested of them.

You've just proved my original point. Folks were too lazy to contribute as
long as someone else (i.e. Renaud) was doing all the work. Now that he's not
going to contribute to the GPL Nessus anymore, they are forced to get up and
do some work.

The threat of closing source may have had the same impact, but this
wasn't attempted. Which was my point.

Or are you saying people are impossible of volunteering without constant
harassment?

No, I'm saying that it helps.


It's about the Tenable business model, not lack of contributions.


Above you said it was because of lack of contributions AND (emphasis
yours) because of their business model. Business is the valid reason
behind this, Tenable believe that they will have an edge in the market
if they keep their work in house. This makes a lot of sense in the
current marketplace and is the only valid reason they have given for
closing source. However, lack of contributions and the fact that
competitors bundle Nessus in their offerings isn't fixed by closing the
source.

Tenable is a company that makes money off of appliances that uses Nessus. So
they hire programmers to work on Nessus. They've decided to write a bunch of
proprietary code and create a new version of Nessus and not GPL it. In other
words, the code has ALREADY FORKED.

I do understand how forking works and I know they have forked the code,
all I have said is that this doesn't solve the issue Tenable have
mentioned. In fact it's made it worse as now no one can contribute to
Nessus 3 outside Tenable and Nessus 2 will have less work done than it
has benefited from in the past.

It's not a big deal, because no one can rightfully say that Renaud or others
at Tenable are obligated to continue to contribute to Nessus. What would
have happened if Renaud just quit writing code and decided to become a tree
surgeon, and Tenable went out of business? Nessus would be in about the same
state it's going to be in now...

I don't believe I have said anything like that. All I said is that
these reasons for closing source don't add up. The only one that does
is that they will have an edge if they create a superior product and
are the only ones that know how it works, (even that is slightly
debatable as they had a similar edge being the biggest contributors).
This is purely a business move. People will contribute less to Nessus
as it has now forked into at least 3 projects the skills are more
widely spread and competitors can still bundle Nessus if they like, as
long as they don't mind ignoring the license. Lack of contributions and
the fact that people use the software without giving credit are not
valid reasons to close the source - because closing source doesn't
solve them. It makes it *seem* like Nessus are "going home and taking
their ball with them". The statement puts blame on other people ie..
those that used the product without giving back, which is not an
admirable way to treat users of your software - even if they are the
competition they are still users.

Tenable have the right to do with their copyright as they wish, but
making it appear as if their decisions are based on the faults of other
people, worse *their users*, is not an admirable thing to do. I would
have had more respect for the decision, as someone who relies on
Nessus, if they had the honesty to say that it was purely business and
nothing personal.


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: signature.asc
Description: This is a digitally signed message part

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus