pci compliance or how to annoy a sysadmin... (Score 1)

as a sysadmin for a managed hosting company the PCI compliance issues we run into are 99.9% of the time not even real legit issues that would be of a major risk to a credit card processing website. most of them are simply flag checks of versions of software that are installed. most of the time, say on a RHEL system the actual version numbers remain old and the required patches are backported into the rpm. almost any time i get the "OMG I AM SO OUT OF DATE" request from a client it means i simply have to paste the rpm information and sending a link to the errata. "you are fine, you are not going to be hax0r3d, your biz is not completely dead." companies that provide "free security scans" for your average web server colo normally just send total bullshit that just get people in a frenzy for no reason.