An extra repository for exploits got by mailinglist

[eresemeth at gmail.com (Rory Garton Smith)]

ehh, i trust the framework enough, cause I guess one of the reasons I use it
is to enhance my knowledge of the programming of exploits yourself, and that
if you can't read the actual code of the exploit to see what it does (and
whether its non internally malicious) you're a bit of a script kiddy. So yeh
I guess the only reason you'd have that problem is if that were true. But
still you have a point I suppose
Rory

On 2/4/07, Dennis G?nnewig <lex001 at gmx.de> wrote:
> Hi,
>
> concerning about trusting exploits got by external members of the
> mailing list, i asked myself if it would possible/desirable to have more
> than one repository:
>
> o one for the msf-core-components
>
> o one for the modules (exploits, auxillarys, encoders etc.) written
> and/or reviewed by members of th msf-developing team
>
> o one for all unreviewed exploits written by members of the mailing list
>
> I'm convinced of the knowledge and the profession of most of the members
> of the mailinglist, so please don't start a flame war. From my point of
> view it's more a question of trust:
>
> To trust the members of the core developing team, who invest a lot of
> time and "heartblood" to build the framework or to trust others maybe
> interested to harm the community around the framework. (Sounds a bit
> paranoiac, i'm aware of ;) )
>
> So with a least three repositorys everybody is free to decide which
> risk, he/she wants to take by using the framework.
>
> Best regards,
> dennis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070204/9ceac210/attachment.htm>