[EMAIL PROTECTED] wrote:
yea. i'll keep that in mind. too bad it doesnt work in an audit. seriously, is there anything that a) can be queried against?
sometimes
b) compared against?
sometimes
c) hashs of files?
don't count on it.
d) etc?
yes.
Seriously, tell us what your criteria is on the first question, then. The nature of a patch is usually that it changes the absolute minimum required to fix the problem. That usually involves no version number changes. Some things embed the compile time in the binary, so hashes are useless for this. Still...how about a nice, simple "ls -l"? For example: Patch is released on Mar 25, 2006. Look at your binary's date. If your binary is dated May 2. 2006, either it has the patch or your process is broken. Why would you build if you haven't recently updated the code (if that's your purpose). If it is dated Mar 24, 2006, it probably isn't patched. Seems pretty simple to me. If you are running on a VAX or mac68k, add the number of days it takes you do a build. Nick.
