> You lost me - could you explain what you mean, "Make a list of files > affected, > and then demonstrate that their timestamps occur after the patch > publication."?
Each patch affects a certain number of files (binaries, libraries, possibly package manifests). These files should have modified timestamps that occur after a patch was released. I believe this is the 6th column of output from an ls -l command. You can use a port like security/aide to generate logs of critical files containing checksums of the files. If you do this regularly, you can identify files that changed and provide explanations of why the files changed (for instance, a patch was necessary). Regulators often want this sort of thing. - Brandon
