Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Colin Rice Status Report- #2 of 17
From: Fyodor <fyodor () insecure org>
Date: Thu, 12 May 2011 18:52:16 -0700

On Mon, May 09, 2011 at 09:46:04PM -0400, Colin L. Rice wrote:

1) Pass Finals.

We're rooting for you there :).

2) Get a proposal for my autoupdater on nmap-dev for discussion.

That's a big thing to take on, but will certainly be very valuable for
the Nmap community!  I look forward to reading about your research
into the options for doing this.

One of the key decisions is whether the updater covers only
platform-independent files (NSE scripts & libraries,
nmap-service-probes, nmap-services, nmap-os-db), or also the
platform-depdenent files such as the Nmap executable itself and the
various DLLs.  Doing just the first group means we don't need separate
sets of files for each platform, but it also means that we need to
worry about conflicts because the platform-independent files sometimes
depend on new features in the depdendent ones.  It also means that
users don't benefit from all of the new features and algorithmic
improvements in Nmap.  The second approach (distributing all files for
each platform) fixes those problems, but has its own implementation

I suppose the first step is to research and write up the many
different options (in terms of ways to implement such an updater) and
pros/cons of each.  Be sure to look at what other programs (open source
and proprietary ones) use for this.

If the updating system requires that the Nmap project run a central
update server (which I suppose is reasonable), it should support
authentication.  If we have an automated system for assigning
people/installations their own username and password, we can more
easily track abuse and ban people who do things like set cron to check
for updates every 5 minutes.

Also, I think we should have an auto-updating system that works on at
least Mac, Windows, and Linux (32 and 64 bit).

3) Work a bit on bug fixing.

Great!  Users hate bugs.  We can't eliminate (or even find) all of
them, but I think we can at least beat the commercial competition :).

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]