Michael Meyer escribiĆ³: > *** Chandrashekhar B <[email protected]> wrote: > >> We had discussed this sometimes back about remote checks for the >> open source based packages since each Linux vendor will have their >> own version management. It was decided that we'll wait for each >> vendor to release the respective security advisory and develop only >> local checks based on that. >> > > I do not agree with that. > > Only develop local checks for such security problems is IMHO not > the best way. We don't know how many users have ever configured local > checks. A lot of users will perhaps only do remote checks. We shouln't > ignore such users. > > I think it is better to have a few "false positives" (of course we > have to tell the user that this could be a false positive because we > only check the banner) than not detecting some security problems. > > Interesant subject. I also think it's better to have false positives with a comment about it than nothing.
By the way. In this case, i have ran a local check and it also reported as hole security in all four cases. Regards dav -- David Corcuera Atienza DIMARTEL c/ Blanco Lac 14 Bajo 26005. LogroƱo. La Rioja Tfno. 941217000 Fax. 941216303 [email protected] _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
