Nmap Announce mailing list archives
New Nmap Release Signing Procedure
From: Fyodor <fyodor () insecure org>
Date: Wed, 20 Oct 2004 22:43:22 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hello folks, I'm embarrassed to admit that I released Nmap 3.75 with (another) bad GPG signature. Props to the half-dozen or so people who caught it and notified me. I was using a manual technique because the GPG-integration of my preferred mailer (Mutt) is not compatible with many systems, even in so-called compatibility mode. Besides being a pain, that system made it very difficult for people who aren't on nmap-hackers to verify releases. The web archive modifies the messages enough to break the signature. For these reasons, I have changed to a new system. From now on, each release will have a detached GPG signature, and also a file containing MD5, SHA-1, and RIPEMD-160 hashes. These signatures and hashes are available at http://www.insecure.org/nmap/dist/sigs/?C=M&O=D . The GPG sigs still use my public key ( http://www.insecure.org/fyodor_gpgkey.txt ). Cheers, Fyodor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBQXdMKs4dPqJTWH2VAQFtmAP+OSgDjwOtUWDY7MGVwxMU2Kb3JlVfB47P MtFJ7OgjEPwz3Qmlcp3tms/vfAt6qmaSVv1tFku0He5AESgHioUJ+ST8ZiqIni0V +OyBpIVrDSTqLwH2o9EGn1kAVlcGyCrV/7JpajxcciOzgRDuPzzxd91dJT4USTyL ZMBoqtW4O+Q= =k4F4 -----END PGP SIGNATURE----- -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List archive: http://seclists.org
Current thread:
- New Nmap Release Signing Procedure Fyodor (Oct 20)