I just realized I accidentally triggered this issue because I enabled some hardening flags for this executable on the last upload (in testing and sid right now):
https://salsa.debian.org/pkg-security-team/nmap/-/commit/e8002cd93757bb8e579821da032beac10245dd05 This change caused the binary to end up with a different signature and it skipped the AVs allowlist. Looking at nmap changelog, it seems like this issue has been going back and forth[0] and had stabilized after some point (I guess that's when most AV vendors added the signature), this means that any changes in the compilation might trigger the issue again. Hilko, do you have any thoughts on this? It was suggested by Dom to move this file to another package and make nmap Suggests it, I'm inclined towards this solution but haven't investigated the impacts yet. [0] https://github.com/nmap/nmap/blob/b41c39ea78ac9337a741fd942ef3df3a0dea3156/CHANGELOG#L6911-L6916 -- Samuel Henrique <samueloph>
