I understand the no government certification thing and not going to argue with it. But as someone who uses Scientific linux most of the time. I'd like to propose that we either add sl and cent or a generic rhel derivative, perhaps by simply using a tailoring var. In a perfect world I'd even suggest that RHEL is treated as a specific RHEL_derivitive, just like SL or Cent. But I can only imagine the pain that would cause. I think what would be nice is if we make some centos and sl generic profiles, and fix the platform check in the OVAL definition. In a way that the derivative producers wouldn't have to mess with, but a specific user/ admin could with a simple tailoring file.
The problem as I see it right now, is that there is a pretty big barrier to entry for admins of derivative systems. Which means that there won't be a lot of eyes on the guide except for the die hards, who also happen to have the time. And that doesn't seem like a good long term thing. I also get the sense that some of this cent os stuff is changing a "little" bit with RH pulling cent in under it's wing, but they'd be foolish to get Cent certified in any official way. If you want true certification, you should probably pay. just my 2 cents, -jj- On Fri, Aug 15, 2014 at 6:09 PM, Shawn Wells <sh...@redhat.com> wrote: > On 8/15/14, 6:30 PM, Greg Elin wrote: >> Shawn, >> >> Really interesting points. >> >> Can you also speak to Fedora vs RHEL and why Fedora is included? >> >> I think a CentOs generic is a smart approach. > > > We've been very careful to not claim any gov baseline compliance with > the Fedora content. Currently there is a generic/common profile: > > https://github.com/OpenSCAP/scap-security-guide/tree/master/Fedora/input/profiles > -- > SCAP Security Guide mailing list > scap-security-guide@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
