On Wed, 2002-12-18 at 05:19, Renaud Deraison wrote:
> They patched OpenSSL 0.9.6b manually, so that they could avoid an
> extensive QA testing to get the patch out in no time.

I can think of many things Red Hat might do when releasing software, but
"extensive QA" is not one of them.  They release alpha code directly
contrary to the wishes of the code authors (e.g. gcc version 2.96), make
undocumented patches to system programs that then conflict with the
manual pages (e.g. /bin/bash which ignores the input to a pipe (|) if
stdin is a socket instead of a PTY) and so forth.

Me, I prefer to compare a system under test to the code produced by the
author, not the myriad OS vendors who supposedly "tweak" the code in
some not-altogether-documented fashion.  At least the author's
"official" version provides a baseline that can be referenced in a
security script such as NASL.

Kris

-
[EMAIL PROTECTED]: general discussions about Nessus.