Shawn, you said " OpenSCAP comes natively with RHEL". Does that mean you do not to add EPEL repo to install openSCAP anymore?
Greg On Tue, Jun 3, 2014 at 5:47 AM, Jan Lieskovsky <[email protected]> wrote: > Thank you for your feedback Paul, Greg. > > ----- Original Message ----- > > From: "Greg Elin" <[email protected]> > > To: "SCAP Security Guide" <[email protected]> > > Sent: Tuesday, May 27, 2014 9:08:00 PM > > Subject: Re: [PATCH 2/2] [RHEL/6, RHEL/7, Fedora] Drop Requires on > openscap-utils. Add a note into manual pages > > regarding that. > > > > In general, it's probably more a documentation and marketing issue. More > > could be done to publish examples of SSG being used with other tools. > > > > Most people are going to be installing SSG via YUM. If the documentation > > indicates installing both, that is probably fine. > > > > I agree with Paul that it is nice to install both and oscap is needed to > test > > SSG content. > > Wondering if two votes for leaving scap-security-guide RPM dependency on > openscap-utils > can be considered as "sufficiently demonstrating community opinion". It's > better than > nothing (we know there are people preferring we to keep the current > situation), but wondering > if there are (also) people which would want the opposite? (would be good > to know, > so this topic could be closed and we could move to other issues) > > So anyone with desire in order to scap-security-guide removed Requires > dependency > on openscap-utils? If so, could you also provide also clarification / > reasoning > behind this motivation? (except the already mentioned one that having > Requires on > openscap-utils might induce impression SSG content can be used with > OpenSCAP tools > only) > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > > > With my newbie hat on, it's taken me some time to understand the > difference > > between OpenSCAP and SSG. I've been wondering why. After all, I've > > understood the difference between a browser and html page; between Excel > and > > a Excel file. > > > > I come back to the marketing piece. > > > > Greg > > > > > > > > > > On Tue, May 27, 2014 at 2:57 PM, Paul Tittle (Contractor) < > > [email protected] > wrote: > > > > > > > > On 5/27/14 2:43 PM, Shawn Wells wrote: > > > > > > > > > > On 5/26/14, 10:56 AM, Jan Lieskovsky wrote: > > > > > > > > > > > > 0002-RHEL-6-RHEL-7-Fedora-Drop-Requires-on-openscap-utils.patch > > > > > > From 3c42c661b4f12d57fda35c3506bde1140a09a02f Mon Sep 17 00:00:00 2001 > > From: Jan Lieskovsky <[email protected]> > > Date: Mon, 26 May 2014 16:26:08 +0200 > > Subject: [PATCH 2/2] [RHEL/6, RHEL/7, Fedora] Drop Requires on > > openscap-utils. > > Add a note into manual pages regarding that. > > > > Signed-off-by: Jan Lieskovsky <[email protected]> > > --- > > Fedora/input/auxiliary/scap-security-guide.8 | 7 +++++++ > > Fedora/scap-security-guide.spec | 2 +- > > RHEL/6/input/auxiliary/scap-security-guide.8 | 7 +++++++ > > RHEL/7/input/auxiliary/scap-security-guide.8 | 7 +++++++ > > scap-security-guide.spec | 2 +- > > 5 files changed, 23 insertions(+), 2 deletions(-) > > > > diff --git a/Fedora/input/auxiliary/scap-security-guide.8 > > b/Fedora/input/auxiliary/scap-security-guide.8 > > index 7758f37..50235d9 100644 > > --- a/Fedora/input/auxiliary/scap-security-guide.8 > > +++ b/Fedora/input/auxiliary/scap-security-guide.8 > > @@ -33,6 +33,13 @@ scanning of general-purpose Fedora systems. > > .SH EXAMPLES > > + > > +.B "NOTE: " > > +Example below assumes the openscap-utils package is installed on the > system. > > +If that's not the case to install the openscap-utils package run the > > +.I yum install openscap-utils > > +command as the root user. > > + > > To scan your system utilizing the OpenSCAP utility against the > > common profile, run: > > diff --git a/Fedora/scap-security-guide.spec > > b/Fedora/scap-security-guide.spec > > index c5a8911..adf92a5 100644 > > --- a/Fedora/scap-security-guide.spec > > +++ b/Fedora/scap-security-guide.spec > > @@ -23,7 +23,7 @@ Source0: http://fedorapeople.org/~jlieskov/% > > {name}-%{version}.tar.gz > > Source1: http://repos.ssgproject.org/sources/% > > {name}-%{rhelssgversion}.tar.gz > > BuildArch: noarch > > BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, > python-lxml > > -Requires: xml-common, openscap-utils >= 0.9.1 > > +Requires: xml-common > > Obsoletes: openscap-content < 0:0.9.13 > > Provides: openscap-content > > diff --git a/RHEL/6/input/auxiliary/scap-security-guide.8 > > b/RHEL/6/input/auxiliary/scap-security-guide.8 > > index 44ae1ab..e676d35 100644 > > --- a/RHEL/6/input/auxiliary/scap-security-guide.8 > > +++ b/RHEL/6/input/auxiliary/scap-security-guide.8 > > @@ -68,6 +68,13 @@ webpage athttp:// usgcb.nist.gov/usgcb_content.html . > > .SH EXAMPLES > > + > > +.B "NOTE: " > > +Example below assumes the openscap-utils package is installed on the > system. > > +If that's not the case to install the openscap-utils package run the > > +.I yum install openscap-utils > > +command as the root user. > > + > > To scan your system utilizing the OpenSCAP utility against the > > stig-rhel6-server-upstream profile: > > diff --git a/RHEL/7/input/auxiliary/scap-security-guide.8 > > b/RHEL/7/input/auxiliary/scap-security-guide.8 > > index 97c4aec..7625fdd 100644 > > --- a/RHEL/7/input/auxiliary/scap-security-guide.8 > > +++ b/RHEL/7/input/auxiliary/scap-security-guide.8 > > @@ -58,6 +58,13 @@ webpage athttp:// usgcb.nist.gov/usgcb_content.html . > > .SH EXAMPLES > > + > > +.B "NOTE: " > > +Example below assumes the openscap-utils package is installed on the > system. > > +If that's not the case to install the openscap-utils package run the > > +.I yum install openscap-utils > > +command as the root user. > > + > > To scan your system utilizing the OpenSCAP utility against the > > stig-rhel6-server profile: > > diff --git a/scap-security-guide.spec b/scap-security-guide.spec > > index fad1c6f..c23be44 100644 > > --- a/scap-security-guide.spec > > +++ b/scap-security-guide.spec > > @@ -15,7 +15,7 @@ Source0: http://repos.ssgproject.org/sources/% > > {name}-%{version}.tar.gz > > BuildArch: noarch > > BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, > python-lxml > > -Requires: xml-common, openscap-utils >= 0.9.1 > > +Requires: xml-common > > %description > > The scap-security-guide project provides a guide for configuration of the > > -- 1.8.3.1 > > > > > > > > I'd like to open this up to the community..... Is it beneficial for > OpenSCAP > > to simultaneously installed with SSG? > > > > On one side the inclusion means you get tools+content with one command, > which > > is particularly useful for those new to SCAP. On the other hand it's been > > mentioned that this drives users to believing SSG only works with > OpenSCAP. > > There's no intention of "forcing" OpenSCAP on people. > > > > So, to the user community, is auto inclusion of OpenSCAP annoying or > useful? > > > > > > > > I think it's useful to require OpenSCAP to be installed simultaneously. > It's > > used to test SSG content, for one. > > > > There have been some patches recently which were made in response to the > > latest build of OpenSCAP, such as the world_writeable_files patch. > > recurse_file_system="local" does something different in the latest > OpenSCAP > > build, which potentially breaks the test for some environments (it broke > for > > mine). This tells me that SSG's tests are somewhat reliant on the SCAP > tools > > that are used with the content. > > > > If all SCAP tools behaved the same way for all input, I would say that > > OpenSCAP shouldn't be a requirement for SSG. But they probably don't, so > my > > vote is for requiring OpenSCAP. > > > > > > > > > > _______________________________________________ > > scap-security-guide mailing list > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > > > > > > > > > _______________________________________________ > > scap-security-guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > > > > > > > _______________________________________________ > > scap-security-guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
