[svlug] rpm tips: full version including epoch, CVEs fixed via backport

Dan Mashal dan.mashal at gmail.com
Wed Nov 28 22:05:43 PST 2012

Every CVE is an "emergency". Every security issue "critical". Everything
MUST be encrypted. 3 times.

Biggest scam artists in the industry in the last few years.


On Wed, Nov 28, 2012 at 4:54 PM, Aaron Porter <atporter at gmail.com> wrote:

> On Wed, Nov 28, 2012 at 4:23 PM, Rick Moen <rick at linuxmafia.com> wrote:
> > Some of you may have the good fortune of needing to satisfy auditors who
> > do what they laughingly call 'penetration tests' of the servers, in
> > which they check reported version strings of your network daemons and
> > then require you to prove that you're not vulnerable (and typically hit
> > you with a basically insane demand that you upgrade to something dumb --
> > because they've never heard of backported patches).
> My favorite...
> Auditor: What RPMs are installed on the system?
> Admin: Well, we run Debian so technically none but...
> Auditor: Wow! that's easy. No RPMs installed <checks box>
> Admin: But!
> Auditor: Next question...
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.svlug.org/archives/svlug/attachments/20121128/1f40e73e/attachment.htm

More information about the svlug mailing list