Documentation error in http://www.nessus.org/nessus_2_0.html
John Q. Public
tpublic at tno.org
Wed Sep 3 23:27:54 EDT 2003
On Thu, 4 Sep 2003, Jason Haar wrote:
| On Wed, Sep 03, 2003 at 09:37:13AM -0400, Renaud Deraison wrote:
| > There is a GPG-signed MD5 file next to nessus-installer.sh
|
| Ah! I read filename "MD5" as meaning md5's of nessus-installer.sh, which I
| never bothered downloading as if it's just a MD5, it's 100% likely to be
| compromised whenever the package itself is :-)
|
| Perhaps "MD5.sig" would be more "normal"?
It is an MD5 checksum of the nessus-installer.sh. It is also likely to be
modified by someone who wants to, but that's why the content of the file is
itself signed inline. It is not a file containing the PGP signature for
nessus-installer.sh, so .sig would be a bit misleading. Naming it MD5.asc
might be appropriate if one were to need to imply it was a PGP file.
But that's just my opinion.
More information about the Nessus
mailing list