Re: Hard-coded xmloutputversion in nmap.dtd--remove it?

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Fifield wrote:
> Hello,
>
> Fyodor, Michael Pattrick, and I had a discussion about how to handle
> changes to the Nmap DTD. There is a version number, xmloutputversion,
> that is supposed to allow parsers to cope with different versions of
> Nmap XML output.
>
> http://seclists.org/nmap-dev/2007/q4/0368.html
>
> Currently the xmloutputversion is hard-coded in nmap.dtd to be 1.02.
> However that means if we ever change it, all the existing Nmap XML files
> with xmloutputversion="1.02" will technically cease to be valid.
>
> I am in favor of removing the hard-coded version number and replacing it
> with an attribute whose value can be either arbitrary CDATA or one of a
> list of alternatives (1.00|1.01| 1.02) that can be updated. I want to
> check with everyone before I do that because in the past I have thought
> I knew more about XML than I really did:
>
> http://seclists.org/nmap-dev/2007/q4/0649.html
>
> Finally, what does every use xmloutputversion for? I notice that the
> parser in Zenmap never uses it. Is validity (in an XML sense) important
> to your application? Zenmap's USR files are remarkably invalid yet they
> get the point across. It could be that xmloutputversion isn't worth much
> fuss.

I personally don't use it for anything and don't particularly care what format
the version number is available in either way.

I use XML output for mainly two things: saving it for future use since it's a
good format, and parsing with my Ruby Nmap::Parser.  The only thing my parser
uses the XML version information for is to pass to a user if they so desire,
it doesn't use it for any validation or checking.

So while my answer to this is pretty much "meh", I think that's a good enough
answer for an opinion on this matter since it means there's no fuss :)  Of
course this does mean I'll need to update my library again for another change...

> David Fifield

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSKW6N/9K37xXYl36AQIOpA//RwrL0YxMgByVrdZQ+Q5HG3OHi3OvSSsu
Uze/vCF+9nOg4TW93UWo2YGFeRtvFBFbOUdkBAJlZ1Ini+56YoCWrpef6SKmip+7
i93PRpG+jb6Xh8ESeLzHhrVpcWWXK/z2UUIEm1EVNmo17j7ZFq9gJxmrFSmeOYWL
Q0rDZLUIDSV5V0vww6PkGvOv3kerDUQF21atNHvJ0e/MPNiwJ2TrrsukrPeMOO8d
rg6rktoINdJ8DmLGGZkWy82wbfd99SM4Jog/87VctrTeq+vecO6erqGuP528jvvJ
HMoNZf6Ien4bkMIf/2eKxb7Mer/ywoDrFXYWpA4NJ4M58JvuQZwulh6wAbP6CLcZ
sZxt16Vh3NrjlLkVybEBEQB2Su2BW/qdhsrgiLJFWYw5fwGT7Wy0Mwn2JyQjrYQY
U199NjCitmIHc9+URYux3CjUSC7/re/1xv4H3j06l5n1MLn2kVf0v+b00vj8TWIb
Ot9oEQE1E2qe5nUApOLGY4hKA8JlRhajmeW/wWH1GxYGd0eyNPC3Bia2rtycnJCf
39sA1+/5385ZLAEYnWZz+H4eheqU4dgcSszSoJXZw1m7v3kCP+H8+SQvLt0VjYjo
ENe2vxcL5VsFdBM2jAWO1EMIhJPbew1OXwIRbuN6zHoVIK8961oJwNhzn/YrFnXo
8NjkmKVqdmg=
=RP1e
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org