On Tue, Sep 18, 2012 at 14:23, Michel Blais wrote: > From http://www.openbsd.org/security.html : > OpenBSD 5.1 Security Advisories > These are the OpenBSD 5.1 advisories -- all these problems are solved in > OpenBSD current and the patch branch. > None yet! > > OpenBSD 5.1 have no know security issue yet.
Somebody fucked up, because errata51.html has a security patch on it. But besides that, in the event there are errata, just pointing the auditors at the web page isn't going to prove much. My suggestion: keep a log of all patches applied. Then you can compare the log to the errata page. Make a list of files affected, and then demonstrate that their timestamps occur after the patch publication. > > Le 2012-09-18 12:36, Ed Flecko a écrit : >> I have State and Federal regulators that want me to PROVE (since their >> only used to looking at Micro$oft servers) my OBSD 5.1 server is up to >> date, and there are no outstanding patches that need to be applied. >> *I* know that's the case, because I follow the "patch" branch, but how >> do I show (i.e., something I could print for them would be best) them >> my system is up to date and that all patches have been applied??? >> >> Thank you, >> Ed
