[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-cvs
Subject: [Openvas-commits] r986 - trunk/doc/website
From: scm-commit () wald ! intevation ! org
Date: 2008-06-30 12:20:05
Message-ID: 20080630122005.919C9406C2 () pyrosoma ! intevation ! org
[Download RAW message or body]
Author: jan
Date: 2008-06-30 14:20:05 +0200 (Mon, 30 Jun 2008)
New Revision: 986
Added:
trunk/doc/website/openvas-cr-14.htm4
Modified:
trunk/doc/website/openvas-crs.htm4
Log:
Adding CR #14 (gdchart out of OpenVAS-Client)
Added: trunk/doc/website/openvas-cr-14.htm4
===================================================================
--- trunk/doc/website/openvas-cr-14.htm4 2008-06-30 10:49:48 UTC (rev 985)
+++ trunk/doc/website/openvas-cr-14.htm4 2008-06-30 12:20:05 UTC (rev 986)
@@ -0,0 +1,128 @@
+m4_dnl -*-html-*-
+m4_include(`template.m4')
+
+m4_dnl OpenVAS
+m4_dnl $Id$
+m4_dnl Description: OpenVAS Change Request #14
+m4_dnl
+m4_dnl Authors:
+m4_dnl Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>
+m4_dnl
+m4_dnl Copyright:
+m4_dnl Copyright (C) 2008 Intevation GmbH
+m4_dnl
+m4_dnl This program is free software; you can redistribute it and/or modify
+m4_dnl it under the terms of the GNU General Public License version 2,
+m4_dnl as published by the Free Software Foundation.
+m4_dnl
+m4_dnl This program is distributed in the hope that it will be useful,
+m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+m4_dnl GNU General Public License for more details.
+m4_dnl
+m4_dnl You should have received a copy of the GNU General Public License
+m4_dnl along with this program; if not, write to the Free Software
+m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PAGE_START
+<h2>OpenVAS Change Request #14: OpenVAS-Client: Remove source code copy of gdchart \
and gd</h2> +
+Status: In discussion.
+
+<h3>Purpose</h3>
+
+<p>
+ To significantly reduce code base of OpenVAS-Client (approx. 50.000 to 28.000 \
lines) +</p>
+
+<p>
+ To use more recent (perhaps bug-fixed) system gdchart libraries
+</p>
+
+<h3>References</h3>
+
+
+<h3>Rationale</h3>
+
+<p>
+ The gdchart library was pulled into OpenVAS-Client (actually into Nessus)
+ quite some time ago to support the charts for "HTML Graph Output".
+ The reason for dragging gdchart and gd into the client was probably
+ problems with general availability of gdchart (in a usable form).
+ Handling this adqualtely in configure.in would have likely meant quite
+ some trouble. Also it might have been judged a problem to impose
+ caring for gdchart development files for the user installing the client.
+</p>
+
+<p>
+ Today newer versions of gdchart seem generally available.
+</p>
+
+<p>
+ It is unclear whether the incorporated gdchart source copy of
+ OpenVAS-Client contains any security problems or other sorts of bugs.
+ Only a explicit analyse could find out about this and it is questionable
+ whether to invest time into this.
+</p>
+
+<p>
+ After all, with 40 percent of the source code, gdchart adds only a single
+ feature to OpenVAS-Client which is not a base one. Charting can be
+ done with various tools ontop the actual scan reports.
+ In general, OpenVAS-Client should better incorporate external tools
+ for creation of reports instead of doing this on its own.
+</p>
+
+<p>
+The source tar ball of OpenVAS-Client as well as the numbers
+of flawfinder hits will drop down significantly. This does
+not improve the quality as such, but removes distracting elements.
+</p>
+
+<h3>Effects</h3>
+
+<p>
+Removing gdchart source copy from OpenVAS-Client would lead to
+loss of this feature for anyone who installs OpenVAS-Client from
+tarball and who ignores the warning that gdchart development package
+is not found on the respective system.
+</p>
+
+<p>
+Next, in case the user
+indeed want to take action, it might cause problems to him
+to find out how to install the missing package.
+</p>
+
+<h3>Design and Implementation</h3>
+
+<p>
+Due to the identified effects it might make sense to schedule
+this change for a next major release (1.1) of OpenVAS-Client
+and have the maintenance of the 1.0 branch (with gdchart included)
+continued for a while.
+</p>
+
+<p>
+The following steps need to be done:
+</p>
+
+<ul>
+<li> Modify configure.in to check for gdchart development files and
+ set a HAVE_GDCHART
+<li> Make some code conditional to the HAVE_GDCHART flag.
+<li> Cleanup (remove?) NO_PIES handling
+<li> Remove directory "nessus/gdchart0.94b"
+</ul>
+
+<p>
+In fact, just in order to evaluate this change, a patch is 98 percent ready.
+</p>
+
+<h3>History</h3>
+
+<ul>
+<li> 2008-06-30 Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>:<br>
+ Initial text.</li>
+</ul>
Modified: trunk/doc/website/openvas-crs.htm4
===================================================================
--- trunk/doc/website/openvas-crs.htm4 2008-06-30 10:49:48 UTC (rev 985)
+++ trunk/doc/website/openvas-crs.htm4 2008-06-30 12:20:05 UTC (rev 986)
@@ -53,6 +53,7 @@
<li> <a href="openvas-cr-11.html">OpenVAS Change Request #11: Make OpenVAS-Client \
use (and depend on) glib</a> (done) <li> <a href="openvas-cr-12.html">OpenVAS Change \
Request #12: Replace NTP with OTP</a> (in progress) <li> <a \
href="openvas-cr-13.html">OpenVAS Change Request #13: Integrating the OVAL \
interpreter ovaldi into OpenVAS Server</a> (in discussion) +<li> <a \
href="openvas-cr-14.html">OpenVAS Change Request #14: OpenVAS-Client: Remove source \
code copy of gdchart and gd</a> (in discussion) </ul>
<h3>How to write a change request</h3>
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic