Re: Thoughts on script documentation

[David Fifield <david () bamsoftware com>]

On Fri, Dec 10, 2010 at 01:14:49PM +0100, Martin Holst Swende wrote:
> On 12/08/2010 10:06 PM, David Fifield wrote:
> > What if Nmap just came with a script that did the equivalent of
> >
> > rsync -r rsync://nmap.org/scripts/ /usr/share/nmap/scripts/
> > rsync -r rsync://nmap.org/nselib/ /usr/share/nmap/nselib/
> >
> > This is pretty much what openvas-nvt-sync does. It also can download a
> > .tar.bz2 file if rsync isn't installed.
> >
> > http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-scanner/tools/openvas-nvt-sync.in?rev=8017&root=openvas&view=markup
> >
> > Maybe rsync would be easy to get to Windows users. This also wouldn't
> > solve the problem of version dependencies. 
> That would be great!
> It could be good to add some possibility to detect and warn a user if
> there are *known* compatibility issues. E.g, issuing GET
> http://nmap.org/scriptupdate?version=<installed_version> before the
> rsync takes place. If scriptupdate detects that version is blacklisted
> as "incompatible" with the current head, it could return an appropriate
> status code and message : "Some of the scripts you are about to fetch
> are marked as incompatible with your version of nmap. ".

Well, that's the rub. It's easy to set up some rsync service, but much
harder to build (and especially maintain) some list of compatibilities.
And not only on Nmap maintainers. New script writers (if they wanted to
be thorough) would have to test their scripts against previous versions
and see when they stop working.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/