> You lost me -  could you explain what you mean, "Make a list of files 
> affected,
> and then demonstrate that their timestamps occur after the patch
> publication."?

Each patch affects a certain number of files (binaries, libraries,
possibly package manifests). These files should have modified
timestamps that occur after a patch was released. I believe this is
the 6th column of output from an ls -l command.

You can use a port like security/aide to generate logs of critical
files containing checksums of the files. If you do this regularly,
you can identify files that changed and provide explanations
of why the files changed (for instance, a patch was necessary).
Regulators often want this sort of thing.

- Brandon

Reply via email to