Thread: The Nmap Thread
Mentalist Traceur
2014-06-23 , 06:53
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#35
Oh, one more thing: I kinda half-flipped when I saw this, but been so busy couldn't get around to making a note of it here (seriously, someone please yell at me like once a week until it's addressed):
The aforementioned version of this in extras-devel added nmap and ncat to 'NOPASSWD' sudoers. This introduces a security issue. Why? Because ncat can launch arbitrary programs and then connect up to them. So even if you have a fairly locked down N900 with sudo password protected across all invocations (as I do on mine), that update comes in, and unless you KNOW it has been thus tweaked (which I didn't just getting the update over apt-get), that extra sudoers entry just opens the door to everything, because now effectively any process on the device can run 'sudo ncat [parameters to run 'sh' or arbitrary command]', and either do another ncat instance to connect up to that very root shell, or just sit back and let the aforementioned arbitrary command do its thing.
...honestly, the more I think about it, the more I hate the convention we have here in our repos of adding entries to sudoers to let people run things at their leisure, because such habits cause things like this.
If no one else thinks of something better, what I'd like to do is push a separate package that provides the sudoers entries (like "nmap-sudoers") and that's it, and then push an upgrade that removes these new sudoers entries from the main nmap package.
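Added example, not part of the original post or of the nmap package: a small audit that flags passwordless sudoers rules for binaries able to start other programs, which is the situation the post describes. The sample sudoers text, its file name and every entry in `EXEC_CAPABLE` other than ncat are assumptions made for illustration.

```python
import re

# Binaries that can start other programs. "ncat" comes from the post; the rest
# are illustrative assumptions to extend for your own system.
EXEC_CAPABLE = {"ncat", "nc", "sh", "bash", "env"}

# Constructed sample of a sudoers drop-in, not the real file from the package.
SAMPLE = """\
# hypothetical /etc/sudoers.d/nmap.sudoers
user ALL = NOPASSWD: /usr/bin/nmap
user ALL = NOPASSWD: /usr/bin/ncat
user ALL = PASSWD: /usr/bin/ncat
user ALL = NOPASSWD: /usr/bin/apt-get update, \\
    /bin/sh
%admin ALL = (ALL) NOPASSWD: ALL
"""

def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (who, command) for each passwordless rule that can run anything."""
    findings = []
    for line in logical_lines(text):
        if "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        who, spec = line.split("=", 1)
        nopasswd = False  # a tag carries over to later commands in the list
        for item in re.split(r",(?![^(]*\))", spec):  # commas outside (runas)
            item = re.sub(r"^\s*\([^)]*\)", "", item).strip()
            while (m := re.match(r"([A-Z_]+):\s*", item)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            cmd = item.split()[0] if item else ""
            name = cmd.rsplit("/", 1)[-1]
            if nopasswd and (cmd == "ALL" or name in EXEC_CAPABLE):
                findings.append((who.split()[0], cmd))
    return findings

if __name__ == "__main__":
    for who, cmd in audit(SAMPLE):
        print(f"passwordless root exec path: {who} -> {cmd}")
```

Running it against the files a package drops into the sudoers include directory after an upgrade shows whether an update has added an entry of this kind.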