[OVAL DEVELOPER] ESX patch tests obsolete?

David Solin solin at jovalcm.com
Tue Sep 8 11:51:16 EDT 2015


I was just looking at the ESX patch56_test, and it references a command ("esxupdate query") which has been obsolete since ESX 4.0.  The new ‘equivalent' command, "esxcli software vib list", shows VIB packages installed, but without any relationship to the security bulletin IDs required for the item.

So, given that ESX 4 is over 6 years old now, and was "end-of-lifed” by VMWare last May, is this test really just obsolete now?

It would be possible to create new content that encodes knowledge of the relationships between the ESX bulletins and VIB package versions if we added something like a vib_test.  Would such a thing be of interest to the community?  I’ve seen content added relatively recently for the ESX schema, but it’s all been for very old versions of ESX, so I’m curious whether there’s any demand to support newer ESX versions with the OVAL language.

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin at jovalcm.com <mailto:solin at jovalcm.com>
  <http://jovalcm.com/>
   <https://www.facebook.com/jovalcm>  <https://www.linkedin.com/company/joval-continuous-monitoring>


...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_developer_lists.cisecurity.org/attachments/20150908/0be32e03/attachment-0002.html>


More information about the OVAL_Developer mailing list