|Summary:||net-analyzer/nagios-plugins - upstream HOMEPAGE has been taken away|
|Product:||Gentoo Linux||Reporter:||Michael Friedrich <michael.friedrich>|
|Component:||Current packages||Assignee:||Andrew Hamilton <andrew>|
|Severity:||normal||CC:||creffett, proxy-maint, sysadmin|
|Package list:||Runtime testing required:||---|
Description Michael Friedrich 2014-01-16 22:21:36 UTC
Hi, the nagios-plugins.org website was compromised and therefore the Monitoring Plugins Development Team (former Nagios Plugins Development Team) was required to move to https://www.monitoring-plugins.org They've also decided to rename their project to monitoring-plugins. Whilst I do not suggest to update the package name unless you're required to do so, everyone should be aware of the updated upstream URL and where to safely get official releases from. Read the full story here: https://www.monitoring-plugins.org/archive/help/2014-January/006503.html Kind regards, Michael Reproducible: Always
Comment 1 Andy Brist 2014-01-17 15:59:22 UTC
(In reply to Michael Friedrich from comment #0) > Hi, > > the nagios-plugins.org website was compromised and therefore the Monitoring > Plugins Development Team (former Nagios Plugins Development Team) was > required to move to https://www.monitoring-plugins.org > > They've also decided to rename their project to monitoring-plugins. Whilst I > do not suggest to update the package name unless you're required to do so, > everyone should be aware of the updated upstream URL and where to safely get > official releases from. > > Read the full story here: > https://www.monitoring-plugins.org/archive/help/2014-January/006503.html > > Kind regards, > Michael > > Reproducible: Always This is absolutely not true. The nagios-plugins.org website has not been compromised. The site is safe and hosted by Nagios Enterprises. monitoring-plugins.org is a new fork and should be named as such. The nagios-plugins project will continue with the same url (nagios-plugins.org) and github account (github.com/nagios-plugins). I would suggest those in doubt to contact Nagios Enterprises directly: http://www.nagios.com/contact/ US: 1-888-NAGIOS-1 (1-888-624-4671)
Comment 2 Jan Wagner 2014-01-17 20:57:28 UTC
(In reply to Andy Brist from comment #1) > This is absolutely not true. The nagios-plugins.org website has not been > compromised. The site is safe and hosted by Nagios Enterprises. > monitoring-plugins.org is a new fork and should be named as such. The > nagios-plugins project will continue with the same url (nagios-plugins.org) > and github account (github.com/nagios-plugins). I would suggest those in > doubt to contact Nagios Enterprises directly: > > http://www.nagios.com/contact/ > US: 1-888-NAGIOS-1 (1-888-624-4671) You may have a look into the same discussion over there in the Redhat bugtracker: https://bugzilla.redhat.com/show_bug.cgi?id=1054340
Comment 3 Michael Friedrich 2014-01-21 09:27:35 UTC
I'm not sure where exactly this will head, but it's already below the waistline. https://bugzilla.redhat.com/show_bug.cgi?id=1054340#c51 In either way, I would suggest to freeze the current 'nagios-plugins' package, and decide to either a) update it's upstream source url or b) create a 'monitoring-plugins' package. I'd be happy to forward the new package to the Icinga gentoo packagers for further testing, as well as the community waiting for a trustful source. If Nagios Enterprises want their own package, they shall apply for a new package named 'nagios-core-plugins', and apply for a maintainer. Sorry for that mess & all the extra work. I did see that one coming, but I never expected that it would be that horrible for the community. Kind regards, Michael
Comment 4 Michael Orlitzky 2014-11-22 22:05:30 UTC
The new nagios-plugins-2.0.3 has a homepage of, http://nagios-plugins.org/ which works and is correct. I consider the bug in the summary fixed, politics aside. Anyone disagree?
Comment 5 Michael Orlitzky 2014-11-26 23:40:25 UTC
Comment 6 Michael Friedrich 2014-11-27 08:52:20 UTC
Hmmm, sorry for my late reply, was busy w/ Icinga & conferences the last weeks. Well without politics, their new home after being kicked out was formed at monitoring-plugins.org. Recently they released 2.1.0  and are pretty much active all the time given their github activity . The team also met on this years OSMC last week  to discuss further activities such as a community bug squashing hackathon . So from my personal point of view, monitoring-plugins.org is the only valid & trusted upgrade source, still, any politics aside. But probably you'll need a new package name for that, and orphan 'nagios-plugins'. Maybe it helps to join #monitoring-plugins on irc.freenode.net and discuss with them directly. I was (and am) just the "bad" guy telling everyone what happened, not speaking for them though. Kind regards, Michael  https://www.monitoring-plugins.org/news/release-2-1.html  https://github.com/monitoring-plugins/monitoring-plugins  https://twitter.com/monitorplugins/status/533285958545072128  https://www.monitoring-plugins.org/news/bug-squashing.html
Comment 7 Jan Wagner 2014-11-27 09:13:59 UTC
Speaking as Debian Maintainer of this piece of software and even involved into upstream development. The domain was taken away from people which has driven the nagios-plugins project in the past years (you can compare the commit history of both projects), so they wasn't able to use this name anymore and started using monitoring-plugins.org. The owner of the domains nagios-plugins.org took the code (as everybody can do) and is now developing with another team a forked version of this software. They are using the same name as the origin project, as they own the domain and holding a trademark of a part of the project name. This is the reason why you can grab a software from the usual place like a decade before, but it is not driven anymore by the same people. Now it comes to a point, where trust comes in place. You can choose which project you want to work with. A new (maybe promising) project called 'nagios-plugins' or a project (now called) 'monitoring-project' which is driven by the same group of developers like before 2014.
Comment 8 Robin Bankhead 2014-12-01 12:25:59 UTC
As a humble user I've only just learned of all this business, and in fact only did so because a contrib plugin I was using was silently dropped (ALL contrib plugins, in fact) in the 2.* series. That's really NOT cool: regardless of the political background, that's a functional change that should have merited an einfo at the very least. Regarding the upstream situation, without wishing to take sides, I for one would like to have had the new team's first release to have informed the user about (A) the change of upstream team and (B) the fact that compatibility with other monitors is no longer a goal of this package. As illustrated by what has just happened to me, this change has and will likely continue to affect users in material ways, even if they only use nagios itself as core and don't give a fig for the politics of it (NOT saying the latter applies to me, I didn't even know about it). We should have been told. Personally I'd say Sam Kottler's resolution of the issue for Red Hat was a sensible and even-handed approach: orphan the nagios-plugins package and force the choice of upgrade-path to either monitoring-plugins (original team) and nagios-core-plugins (new team). That's academic unless/until someone picks up Bug 520196, but assuming that happens, I hope users are appropriately put in the picture so they can make an informed choice.