* It must be possible to verify the integrity of update metadata (e.g.,
  latest version number).
* It must be possible to verify the integrity of package contents.
* The system must derive trust from the root server.
  (In other words, if the system requires the generation of new
   keypairs, it must be possible to sign those with existing GPG keys.)
* The system must run on Windows, Mac OS X, and Linux.
* The key binaries nmap as well as any secondary binaries, ndiff ncrack etc.. must be updated if installed.
* The key files nmap-os-db, nmap-protocols etc.. plus all of the nselib lua files and the scripts should but updated as well. These should be in a seperate repository from the binaries since they are cross platform.
* Nmap should warn if an update has not been run in ~45 days but there should be no mandatory autupdate.
* It must be possible to find out how recent currently installed files are
  (for example, with a date).
* It must be possible to preview what updates are available before installing
  them.