New Nmap Release Signing Procedure

[Fyodor <fyodor () insecure org>]

-----BEGIN PGP SIGNED MESSAGE-----

Hello folks,

I'm embarrassed to admit that I released Nmap 3.75 with (another) bad
GPG signature.  Props to the half-dozen or so people who caught it and
notified me.  I was using a manual technique because the
GPG-integration of my preferred mailer (Mutt) is not compatible with
many systems, even in so-called compatibility mode.  Besides being a
pain, that system made it very difficult for people who aren't on
nmap-hackers to verify releases.  The web archive modifies the
messages enough to break the signature.

For these reasons, I have changed to a new system.  From now on, each
release will have a detached GPG signature, and also a file containing
MD5, SHA-1, and RIPEMD-160 hashes.  These signatures and hashes are
available at http://www.insecure.org/nmap/dist/sigs/?C=M&O=D .  The
GPG sigs still use my public key 
( http://www.insecure.org/fyodor_gpgkey.txt ).

Cheers,
Fyodor

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBQXdMKs4dPqJTWH2VAQFtmAP+OSgDjwOtUWDY7MGVwxMU2Kb3JlVfB47P
MtFJ7OgjEPwz3Qmlcp3tms/vfAt6qmaSVv1tFku0He5AESgHioUJ+ST8ZiqIni0V
+OyBpIVrDSTqLwH2o9EGn1kAVlcGyCrV/7JpajxcciOzgRDuPzzxd91dJT4USTyL
ZMBoqtW4O+Q=
=k4F4
-----END PGP SIGNATURE-----


--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List archive: http://seclists.org