Such a database is all good and fine, but it inheritly has at least one weakness: an attacker can install an old, but genuine Sun binary with a security hole in it. If you did a post mortem and found such a file, would you say "I must have forgotten to update that file" or would you say "There is something rotten in the State of Denmark"? (Nevertheless, your database is obviously much better than having nothing at all.) Morten
