[Openvas-discuss] Plugin signatures proposal

oday at fas.harvard.edu oday at fas.harvard.edu
Mon Oct 22 03:06:10 CEST 2007


Sorry for the late response.  This looks good and I would only offer the
following (minor) corrections in text.

"The owners of the key do execute diff-commands between the original Nessus
Plugins and only sign if this results no difference."

... and only sign if this results in no difference.

"Naturally, the inline signature of the Nessus plugins is removed before
comparison."
... of the Nessus plugins are removed before comparison.

Quoting Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>:

> On Sunday 30 September 2007 21:02, Jan-Oliver Wagner wrote:
> > On Friday 28 September 2007 21:15, Bernhard Herzog wrote:
> > > More advanced options to e.g. remove keys might be useful.  However,
> > > given that all of the functionality is easily achieved with GnuPG
> > > itself, the usefulness of more advanced options and, actually, of the
> > > whole tool is questionable.
> >
> > yes, I think so, too. I do not see immediate need for such a tool.
> > A HowTo with the gpg commands should be good enough for the time being.
> >
> > The rest of the proposal is nice.
>
> I crafted a summary page which is neither yet committed nor linked:
> http://www.openvas.org/trusted-nvts.html
>
> At the bottom it outlines an idea for a first signing key.
>
> Any comments/suggestions welcome.
>
> Best
>
> 	Jan
>
> --
> Dr. Jan-Oliver Wagner                                   Intevation GmbH
> Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>







More information about the Openvas-discuss mailing list