Do we have any rules of the road for wiki etiquette at this point? Should we just update as we see fit? Is there a dedicated maintainer, etc...?
Nothing firm yet. Go nuts. As far as a dedicated maintainer, this will be me.
For items that we may want to add to the checks, etc.., should we post a ticket with the idea, or toss it up to the mailing list first?
It's a matter of judgment.
Let's try: If it's an obvious security enhancement (such as disabling any sort of auto-run/autothumbnail functionality, or disabling a network service), go right ahead and add it. I also don't have much problem with unrolling/editing others' commits if we later decide it was bad.
If it's something that might be judged controversial, then we'll use the mailing list for discussion.
I would first like to identify major areas of investigation and enter tickets for them. In fact, I should probably spend an afternoon just surveying the system and entering tickets.
I'm unfortunately going to be a bit sporadic in terms of participation, but I'll certainly do what I can, when I can.
All participation is appreciated.
Setting up a modular and sane authoring system has taken far longer than I expected.
I would still like to use SCC for OVAL generation, but updating it for OVAL 5.10 will take longer than I expected. For now, I plan to commit OVAL content that will simply be in XML format (split into separate files) and tools for joining/testing. This can later be converted to SCC, or joined by content written in SCC.
___________________________ Jeffrey Blank 410-854-8675