Why does it take so long for new (gimp, kernels, openoffice) packages to reach the stable repo?

Kevin Kofler kevin.kofler at chello.at
Sat Oct 18 13:30:22 UTC 2008

Rick Stevens <ricks <at> nerd.com> writes:
> I'm aware of that, but the people who do the penetration testing squawk
> anything that's less than 0.9.8h.  Technically it's a false positive,
> but it is still in the reports and we have to prove that it's a false
> positive each time.  I know what the vulnerabilities are and I've had
> discussions with the pentest people, but they won't budge.

Show them my message, show it to their superiors. It is completely wrong to
flag tools as "vulnerable" just by looking at the version; the penetration
testing team is not doing their job! They're supposed to actually try the
exploits, not just check the versions.

        Kevin Kofler
