> As far as I'm concerned, until the system matches the production > environment, it's mine, and auditors have no business looking at it at > all; > I'll do as I please. They can whine all they want; they don't have an ID > on > the installation system to look at anything with anyway, so how can they > say > it isn't secure?
Maybe for your auditors. In other places, some pigs are more equal than others. 8-(