Shawn Walker wrote: > 2008/7/1 Shawn Walker <[EMAIL PROTECTED]>: >> The only auditing my past employers have been concerned with is network >> traffic. >> >> Very little, if any work at all, was done to verify binaries, etc. >> >> I would venture to guess that the larger the company, the more likely >> this is to happen. > > To be clear, the larger the company, the more likely they are to have > an auditing process where they would care about hashes, etc. >
Of course, we supply the elf hashes of the binaries in signed manifests... so that auditing can be performed as desired. If this is unacceptable, all Java packages must be replaced completely if any component inside changes, and there will be far more service disruptions during patching operations. - Bart -- Bart Smaalders Solaris Kernel Performance [EMAIL PROTECTED] http://blogs.sun.com/barts "You will contribute more with mercurial than with thunderbird." _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
