On 02/23/11 6:08 PM, Machin, Greg wrote: > > Hi. > > I have had an enquiry from the Network and Security guy. He wants to > know why CentOS 5.5 /RHEL 5 is using a very old version of bind > “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many > security fixes is on 9.7.3 . I understand that its to maintain a known > stable platform by in introducing new elements etc .. Is there an > official explanation / document that I can direct him to. > > to put it bluntly, your security guy is pretty much worthless as such if he thinks security is audited by checking version numbers. sadly, this is too common.