On Thu, 18 Feb 2021 20:26:15 +0000, Jeremy Nicoll wrote:
> ...
>I can't see how any command that dumps its output into a file, which you
>then send to auditors is any good. How do they know that the file hasn't
>been created by hand, or edited between being produced and sent?
>
Grant those auditors access to (e.g.) ISRDDN?
But see:
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
(It's a real PITA to strip Google's tracking info off a URL returned
by a search. I have a scripr that does it. Sometimes.)
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
