Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how to add some scripts from NSE to nmap?

From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Mon, 19 Apr 2010 12:51:05 -0500
On Sun, Apr 18, 2010 at 7:47 PM, Ron <> wrote:


Agreed. It'd be good to require some type of script signing, too.

Although, at the moment, most people download scripts from non-ssl svn, so even if they aren't signed the risk 
doesn't change.

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86


What sort of mechanism would be used for signing the scripts?

Would there be a central key authority managed by a trusted *someone*?
 Would we use PGP keys?  Would we use MD5 or SHA-256 sums uploaded
somewhere and force manual checksum verification?

-Jason
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: