On 12/2/13, 7:42 AM, Jan Lieskovsky wrote:
----- Original Message -----
>From 3ad8ce28808123fb2d66db09afb98a3b7fd105b4 Mon Sep 17 00:00:00 2001
>From: Shawn Wells <shawn at redhat.com>
>Date: Fri, 29 Nov 2013 23:48:16 -0500
>Subject: [PATCH] [RFC] Creating shared bash script directory
>As remediation content expands, many scripts will be repurposed across operating system releases. To reduce
>the maintenance burden of having the same script in multiple places, I propose to create a shared fix directory. A patch to demonstrate this concept is attached.
This is a great idea.

>combinefixes was modified to first look at input/fixes/bash, then ../shared/fixes/, else echo a "no fix exists" message.
>The downside to this approach is "exclusion" -- just because a script does not exist within RHEL6/fixes/bash does not
>automatically mean we want the ../shared/fixes/ version. Unsure how to handle this. One idea was to 'touch RHEL6/fixes/bash',
>and then delete that file if the shared version was to be inherited.
How about keeping the shared fixes scripts as proposed, but leaving combinefixes unmodified? IOW, when the fix should be included, we would just create a symlink from the shared directory to the particular product's fixes directory (no symlink => fix isn't included). And add some README file in the shared directory documenting this practice (IOW, when adding new fixes, the contributor should consider whether the fix is universal enough and could be re-used in other products as well).

That's completely common sensical.

What are your thoughts on doing this for OVAL as well? We'd need to update the platform tags, however that's much simpler than retaining multiple copies of the core OVAL.
_______________________________________________
scap-security-guide mailing list
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
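
The two selection strategies discussed in this thread, side by side, as an added example that is not part of the original messages and not the project's combinefixes code. The directory layout, the rule names and the function names are constructed for the demonstration; it shows the "exclusion" problem of the fallback lookup and how the symlink opt-in avoids it, including the dangling-symlink case.

```shell
# Strategy A (fallback lookup): product dir first, then shared dir,
# else the "no fix exists" message.
resolve_fallback() {   # args: product_fix_dir shared_fix_dir rule
    if [ -f "$1/$3.sh" ]; then echo "$1/$3.sh"
    elif [ -f "$2/$3.sh" ]; then echo "$2/$3.sh"
    else echo "no fix exists"; fi
}

# Strategy B (symlink opt-in): only the product dir is consulted.
# A symlink whose shared target is gone is reported, not silently skipped.
resolve_symlink() {    # args: product_fix_dir rule
    f="$1/$2.sh"
    if [ -L "$f" ] && [ ! -e "$f" ]; then echo "dangling symlink"
    elif [ -f "$f" ]; then echo "$f"
    else echo "no fix exists"; fi
}

# Build a throwaway tree (constructed sample data) and print its root.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/shared/fixes/bash" "$root/RHEL6/input/fixes/bash"
    echo 'echo shared-a' > "$root/shared/fixes/bash/rule_a.sh"
    echo 'echo shared-b' > "$root/shared/fixes/bash/rule_b.sh"
    # RHEL6 opts in to rule_a only; rule_b stays excluded.
    ln -s ../../../../shared/fixes/bash/rule_a.sh \
        "$root/RHEL6/input/fixes/bash/rule_a.sh"
    # rule_c points at a shared script that does not exist.
    ln -s ../../../../shared/fixes/bash/rule_gone.sh \
        "$root/RHEL6/input/fixes/bash/rule_c.sh"
    echo "$root"
}

demo() {
    d=$(make_demo_tree)
    p="$d/RHEL6/input/fixes/bash"; s="$d/shared/fixes/bash"
    for r in rule_a rule_b rule_c; do
        printf '%s: fallback=[%s] symlink=[%s]\n' "$r" \
            "$(resolve_fallback "$p" "$s" "$r")" "$(resolve_symlink "$p" "$r")"
    done
    rm -rf "$d"
}
demo
```

For rule_b the fallback lookup returns the shared script even though the product never asked for it, while the symlink lookup reports that no fix exists.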