Phasing out the RHEL6 CI
by Matěj Týč
Dear community,
the possibility to build the ComplianceAsCode/content project on RHEL6
using python2.6 and other dated utilities is becoming a luxury. It
prevents contributors to use elegant constructs available in python2.7,
and sometimes passing the CI for RHEL6 requires some weird workarounds
that take time to design and implement and those workarounds just
complicate the code, they don't bring benefits.
As RHEL6 won't get any significant updates and one can build RHEL6
content on other OSs (or in a container), the RHEL6 CI setup seems to
gain negative value. Do you, our precious community around the project,
have arguments why the RHEL6 should be part of the CI?
If there are no agreed-upon reasons, we are leaning towards switching
the RHEL6 CI off within two weeks, i.e. in the first half of March.
On behalf of the Brno Security Compliance team,
Matěj Týč
5 years, 1 month
Fwd: [scap-dev] SCAP v2 Community Telecon: Integrating Other Efforts
by Shawn Wells
In case others from content community are interested in joining.
-------- Forwarded Message --------
Subject: [scap-dev] SCAP v2 Community Telecon: Integrating Other Efforts
Date: Thu, 21 Feb 2019 18:45:50 +0000
From: Haynes Jr., Dan <dhaynes(a)mitre.org>
To: scap-dev(a)list.nist.gov <scap-dev(a)list.nist.gov>
Hello Everyone,
We will be holding the next SCAP community teleconference on Wednesday,
February 27 from 1:00 - 3:00 ET (10:00 - 12:00 PT).
The focus of the call will be a higher-level discussion on efforts
outside of SCAP that you might want to tie into the SCAP architecture
for greater situational awareness (OpenC2, IODEF, STIX, etc.). Towards
that end, Joe Brule (NSA) and Kathleen Moriarty (Dell EMC) will be
joining MITRE and the USG to facilitate these discussions.
We hope you will be able to join us. Dial-in details are below.
Thanks,
Danny
.........................................................................................................................................
Join online meeting <https://meet.mitre.org/dhaynes/0ZXRK0A2>
Trouble Joining?Try Skype Web
App<https://meet.mitre.org/dhaynes/0ZXRK0A2?sl=1>
Join by Phone
+1 (703) 983-2020,, 37645895#
+1 (781) 271-2020,, 37645895#
Find a local number <https://dialin.mitre.org>
Conference ID: 37645895
Forgot your dial-in PIN?<https://dialin.mitre.org>|First online
meeting?<https://support.office.microsoft.com/en-us/article/join-a-skype-for-busin...>
.........................................................................................................................................
--
You received this message because you are subscribed to the Google
Groups "SCAP Discussion and Development" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to scap-dev+unsubscribe(a)list.nist.gov
<mailto:scap-dev+unsubscribe@list.nist.gov>.
To post to this group, send email to scap-dev(a)list.nist.gov
<mailto:scap-dev@list.nist.gov>.
Visit this group at
https://groups.google.com/a/list.nist.gov/group/scap-dev/.
5 years, 1 month
RHEL8 CCEs?
by Shawn Wells
Looking through the RHEL8 content and it looks like RHEL8 CCEs were not
assigned to the rules.
Was this just an oversight in the beta content, or will RHEL 8 not have
CCEs?
5 years, 1 month
multiple configurations fixed by one ansible snippet
by Marek Haicman
Hello everyone,
we have currently stumbled upon situation, where Ansible remediation
snippet can either fix 3 different rules at once, or be very convoluted.
Technical details aside [1] - what is your view of such approach?
* Is it ok when remediation does change more than the rule that
triggered it checks?
* Do you prefer to have no remediation at all, to the remediation that
does too much?
* Does answer to the questions above change between (--remediate) which
is applied automatically, and bash roles or ansible playbooks, where you
can check insides of the scripts and alter them before application?
Thanks!
Marek
[1]
https://github.com/ComplianceAsCode/content/pull/3723#issuecomment-462747526
5 years, 1 month