Date: Wed, 05 Oct 2016 08:28:49 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: "Roger Eddins" <roger@purplecat.net>
Cc: <freebsd-hackers@freebsd.org>
Subject: Re: Reported version numbers of base openssl and sshd
Message-ID: <86oa2z9un2.fsf@desk.des.no>
In-Reply-To: <01eb01d21e52$4a7f1640$df7d42c0$@net> (Roger Eddins's message of "Tue, 4 Oct 2016 11:16:32 -0400")
References: <01eb01d21e52$4a7f1640$df7d42c0$@net>
"Roger Eddins" <roger@purplecat.net> writes:

> Question: Could version number obfuscation be added to openssl and sshd or
> have the proper relative patch version number reported from the binaries in
> the base system?
>
> Reasoning: PCI compliance is becoming an extreme problem due to scanning
> false positives from certain vendors and a big time waster with older
> FreeBSD releases reporting the original base version number even after patch
> updates.

I've been asked this before. My answer was that either the tools or the people wielding them are deficient, and I haven't changed my mind. How do they handle RHEL?

DES
-- 
Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86oa2z9un2.fsf>