On Wed, 2004-12-01 at 10:21, Alexander Dalloz wrote:
> On Wed, 01.12.2004 at 2:15, Rahul Sundaram wrote:
>
> > > It's a false positive. Lame tools just checking for application version
> > > numbers bring lame results.
>
> > What's the alternative?
> > Rahul Sundaram
>
> Good question - next one ;) Seriously, from my observation such tools
> alerting based on version numbers (Nessus is such an application too)
> make inexperienced users uncertain.

I agree

> Experienced users don't profit by
> such tests, they know where to look for the (in)security reports and how
> to find out whether the own applications are safe because up to date
> (either because self compilations or using distribution packages which
> are patched).

One can always use the rpm -q --changelog packagename .

> Maybe pointing users' attention to possible security issues is not that
> bad at all as it may rise up sensibility. But too many false positives
> then are counterproductive, I fear.

Well, at least if they are new, then the question should be asked. Or at least googled.

>
> Regards
>
> Alexander

-- 
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz
Neuromancer 20:13:12 up 22 min, 1 average: 0.18, 0.16, 0.17
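
Added example (not part of the original thread): one way to triage a version-number scanner finding against the rpm -q --changelog output mentioned above, where distribution packagers record backported fixes. The function names, the sample changelog and the advisory IDs are constructed placeholders.

```shell
#!/bin/sh
# Triage advisory IDs reported by a version-based scanner against a
# package changelog. All names and IDs below are constructed for illustration.

# Constructed sample of `rpm -q --changelog` output (not a real package).
sample_changelog() {
cat <<'EOF'
* Mon Nov 29 2004 Example Packager <packager@example.com> 1.2.3-4
- backport fix for CAN-0000-0001 (buffer overflow in header parsing)

* Tue Oct 05 2004 Example Packager <packager@example.com> 1.2.3-3
- rebuild
- add patch for CVE-0000-0002
EOF
}

# triage_ids ID...: read changelog text on stdin, print "ID<TAB>status".
# The same number is accepted under either the CAN- or the CVE- prefix,
# and must match as a whole token (CVE-0000-00021 does not satisfy
# a query for CVE-0000-0002).
triage_ids() {
    log=$(cat)
    for id in "$@"; do
        num=${id#C??-}    # strip the CAN-/CVE- prefix, keep YYYY-NNNN
        if printf '%s\n' "$log" | grep -Eqw "(CAN|CVE)-$num"; then
            printf '%s\tmentioned-in-changelog\n' "$id"
        else
            printf '%s\tnot-mentioned\n' "$id"
        fi
    done
}

# check_pkg PACKAGE ID...: run the same triage on an installed package.
check_pkg() {
    pkg=$1; shift
    rpm -q --changelog "$pkg" | triage_ids "$@"
}

# Demo on the constructed sample; the last ID is absent from the changelog.
sample_changelog | triage_ids CVE-0000-0001 CAN-0000-0002 CVE-0000-0003
```

A "mentioned-in-changelog" result only shows that the packager recorded a fix for that ID; "not-mentioned" means the finding still has to be checked against the distribution's security advisories.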