(7:22:14 PM) someguy: me: demand the be specific about what the issues are. Because they're wrong.
(7:23:23 PM) me: intereting, so is there a list of what issues were fixed by what version of redhats apache?
(7:23:24 PM) me: ok
(7:23:36 PM) me: this is a chickenshit security scan anyhow
(7:23:37 PM) someguy: me: if they think there's a vulnerability, then it's up to them to prove it. There are no known security holes in the current versions of openssl on CentOS
(7:23:40 PM) Ges: man rpm, reference query and changelog
(7:23:52 PM) someguy: and bugzilla.redhat.com
(7:24:01 PM) me: ok adding these details to my blog
Ges: let me guess. this "audit" was performed by some overpaid twit using one of the many automated scan tools that has no concept of EL backporting and the "report" generated was turned over without any human interpretation of the results?
(7:26:22 PM) opc: he ran rkhunter!!!!
(7:27:29 PM) rus: oh jeez.
(7:27:37 PM) Ges: rkhunter? really?
(7:28:01 PM) Ges: don't just fire the auditor, stake him to a tree and light him on fire; bring marshmellows.
Thursday, January 7, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment