Hard-coded xmloutputversion in nmap.dtd--remove it?

[David Fifield <david () bamsoftware com>]

Hello,

Fyodor, Michael Pattrick, and I had a discussion about how to handle
changes to the Nmap DTD. There is a version number, xmloutputversion,
that is supposed to allow parsers to cope with different versions of
Nmap XML output.

http://seclists.org/nmap-dev/2007/q4/0368.html

Currently the xmloutputversion is hard-coded in nmap.dtd to be 1.02.
However that means if we ever change it, all the existing Nmap XML files
with xmloutputversion="1.02" will technically cease to be valid.

I am in favor of removing the hard-coded version number and replacing it
with an attribute whose value can be either arbitrary CDATA or one of a
list of alternatives (1.00|1.01| 1.02) that can be updated. I want to
check with everyone before I do that because in the past I have thought
I knew more about XML than I really did:

http://seclists.org/nmap-dev/2007/q4/0649.html

Finally, what does every use xmloutputversion for? I notice that the
parser in Zenmap never uses it. Is validity (in an XML sense) important
to your application? Zenmap's USR files are remarkably invalid yet they
get the point across. It could be that xmloutputversion isn't worth much
fuss.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org