The GCF is the core of any use of the GSE outside of the GCE.
So knowing what precisely it is is a prerequisite to any serious work on it and with it.
Since you are heavily developing the GSM, the Forum contains several helpful announcements about effected and upcoming changes of just about anything important (for use and also simple finding one’s way in this maze of evolution) besides the name OpenVAS, e.g. new names, tools, policies, release schedules and APIs.
I spend some time already starting to use what you call “uncoordinated” derivates, and it takes quite some time to get up to speed.
Since you are very clear about the distinction of commercial and community versions, it is equally clear on “the communities” side (e.g. my side in this instance of community manifestation) that one would like to know more about the ifs and whys of “should I invest more time” into this tool or not.
In other words, any community use (beyond mere evaluation purposes without use intentions) in a fast changing development environment one needs to trust (because it’s InfoSec), I would generally like to know more about plans, intentions, the underlying culture and the people.
So one of my first questions is: Is there a way to know from the rsync’ed repository which version of the Feed API the downloaded code snippets belong to?
And is there a manifest and a description tied to such a Feed API Version which could be used to better understand what’s in the Feed, in order to better automatically feed the Feed and it’s future versions into an analysis tool? (It could also be used to warn about upcoming changes, like some kind of comment or so.)
The hash lists can double as some kind of Table of Contents, but this doesn’t say much about different formats introduced or about what the non-nals|inc files contain, or the general API version of the Feed’s Content.