[SATLUG] Open Source IA process

R P Herrold herrold at owlriver.com
Mon Mar 31 20:02:45 CDT 2008

On Mon, 31 Mar 2008, Sean I wrote:

> Don't you LOVE IA validations.... I just had to take 24 RHEL 4.5
> Servers through it... they passed with flying colors but security still
> whined about a few problems beyond my control (It is not my fault Red Hat
> backports their crap).

I guess I am confused -- if the RHEL (or CentOS) units passed 
with flying colors, why is it Red Hat's fault that the scanner 
used by 'security' looked at version strings, rather than the 
actual exploit?

The 'crap' if any, seems to be in the imprecision of the 
alleged tool doing the scanning, or the shallowness of the 
training of the person running the scanner;  you as the 
sysadmin can point to the CVE fixes for any package -- say: 
openssh -- trivially:
 	rpm -q --changelog openssh | grep CVE

-- Russ herrold
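
Added example, not part of the original post: a shell function that takes the CVE ids a version-string scanner flagged and checks them against a package changelog, reporting the release that carries each backported fix. The changelog text, CVE ids and release strings below are constructed placeholders; on a real host the input would come from `rpm -q --changelog openssh`.

```shell
#!/bin/sh
# Reconcile scanner findings with a package changelog (added example).
# Real use: rpm -q --changelog openssh | triage_findings CVE-... CVE-...

# Constructed sample in `rpm -q --changelog` layout. The CVE ids, dates,
# packager and release strings are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2007 Example Packager <pkg@example.com> - 3.9p1-8.EXAMPLE.3
- backport fix for signal handler race (CVE-0000-1111)

* Mon Jan 01 2007 Example Packager <pkg@example.com> - 3.9p1-8.EXAMPLE.2
- backport fix for scp argument handling, CVE-0000-2222
- unrelated packaging cleanup
EOF
}

# stdin: changelog text; args: CVE ids taken from the scanner report.
# stdout, one line per id: "<id> fixed-in <release>" or "<id> not-in-changelog".
# Assumption: each entry header ends with the version-release string.
triage_findings() {
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        /^\* / { rel = $NF; next }   # entry header: remember its release
        {
            # Compare whole tokens so CVE-0000-1111 never matches
            # inside a longer id such as CVE-0000-11112.
            m = split($0, tok, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (toupper(tok[i]) == toupper(want[j]))
                        # Changelog is newest-first, so the last match
                        # seen is the earliest release carrying the fix.
                        fixed[want[j]] = rel
        }
        END {
            for (j = 1; j <= n; j++)
                if (want[j] in fixed) print want[j], "fixed-in", fixed[want[j]]
                else                  print want[j], "not-in-changelog"
        }
    '
}

sample_changelog | triage_findings CVE-0000-1111 CVE-0000-2222 CVE-0000-3333
```

An id reported as not-in-changelog is the one to take back to the vendor advisory; the others can be answered with the release string printed beside them.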
