<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div><span id="OLK_SRC_BODY_SECTION">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
"I'm guessing that a receipt database only works for executable code that was installed through some standard process. Is this the case?"</div>
</span>
<div><br>
</div>
<div>Yes. When the "Installer" is used to install something, then receipts get written. There is lots of software that is installed without using the Installer – e.g. Dragging an application to the Applications folder.</div>
<div><br>
</div>
<div>- Jasen.</div>
<span id="OLK_SRC_BODY_SECTION">
<div><br>
</div>
</span></div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Todd Heberlein <<a href="mailto:todd_heberlein@mac.com">todd_heberlein@mac.com</a>><br>
<span style="font-weight:bold">Date: </span>Monday, July 15, 2013 9:24 PM<br>
<span style="font-weight:bold">To: </span>MITRE Employee <<a href="mailto:jasenj1@mitre.org">jasenj1@mitre.org</a>><br>
<span style="font-weight:bold">Cc: </span>Peter Link <<a href="mailto:plink53@mac.com">plink53@mac.com</a>>, oval-developer-list OVAL Developer List/Closed Public Discussion <<a href="mailto:oval-developer-list@lists.mitre.org">oval-developer-list@lists.mitre.org</a>>,
"<a href="mailto:scap-on-apple@lists.macosforge.org">scap-on-apple@lists.macosforge.org</a>" <<a href="mailto:scap-on-apple@lists.macosforge.org">scap-on-apple@lists.macosforge.org</a>>, "<a href="mailto:scap-on-apple-dev@lists.macosforge.org">scap-on-apple-dev@lists.macosforge.org</a>"
<<a href="mailto:scap-on-apple-dev@lists.macosforge.org">scap-on-apple-dev@lists.macosforge.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div><br>
</div>
<div>
<div>On Jul 11, 2013, at 11:30 AM, "Jacobsen, Jasen W." <<a href="mailto:jasenj1@mitre.org">jasenj1@mitre.org</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif; ">
<div>We (MITRE) developed the referenced extension schema. Mac OS provides an installation receipt capability much like other package managers on other UNIX systems. It seems that OVAL should support checking this system provided audit trail.</div>
<div><br>
</div>
<div>If the audit trail is unreliable or unsuitable for the purpose, that's another good discussion.</div>
</div>
</blockquote>
</div>
</div>
</div>
</span><span id="OLK_SRC_BODY_SECTION">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div>I'm guessing that a receipt database only works for executable code that was installed through some standard process. Is this the case?</div>
</div>
</div>
</span>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div><br>
</div>
</div>
</div>
</span>
</body>
</html>