On 2007-01-09, Florian Weimer <[EMAIL PROTECTED]> wrote:
> * Javier Fernández-Sanguino Peña:
>
>> If your installation where slightly bigger (maybe 100 systems) I would
>> suggest you invest your time working with OVAL [1] and CVE [2]:
>>
>> a) deploy an OVAL agent at the nodes with apt-capabilities
>>
>> b) have a central OVAL server send new signatures to nodes so they can tell
>> you wether they are vulnerable or not (and need to have a DSA applied or
>> not)
>
> Does anyone publish Debian-specific OVAL signatures?
Not to my knowledge.
> Do you think there is a need for them?
No, too much beaucracy for too little gain.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
