On 02/08/2016 05:14 PM, Matthew Miller wrote:
On Mon, Feb 08, 2016 at 04:37:40PM +0100, Šimon Lukašík wrote:
Thing is just we have slightly different approach. Let me explain.

Using OpenSCAP sounds great. Mostly, I wanted to focus on results and
what the user sees rather than implementation details.

The advantages you describe sound exciting, which falls under the
offering-carrots aspect: new functionality that we can give people that
they'll actively want to switch to. However, I think we also need to
do the "we replaced your favorite coffee brand... and you don't even
know it" part wherever possible. *

I always notice when my favorite coffee shop changes a brand!! However, you are right, most people won't. :)


So, I really _do_ want the existing command to work, but maybe it's
OpenSCAP underneath.


Do you think that this functionality should be integrated with existing dnf commands?

That would be beneficial for some, however we are trying to make the use-case even easier than before. You perhaps do not want to turn on all the containers and mount all the images and run the command, right?

[...]
The problem we are currently facing in Fedora is that you need to
have data that you feed to the scanner. Hence, this CVE analysis
can be done only for RHEL, SuSE and Debian systems. So, we are done,
once we are able to develop a plug-in for Bodhi to generate the data
feed for us.

What is needed for that to happen?


I think Bodhi has all the data it needs. We just need someone to write a script to query the data from the Bodhi database and put it into that XML that OpenSCAP can parse.

We can review the examples of such data for other distributions:

  https://www.redhat.com/security/data/oval/
  https://support.novell.com/security/oval/
  http://people.canonical.com/~ubuntu-security/oval/
  https://www.debian.org/security/oval/

Best,

~š.

Do you think this approach is sensible for the ponycorn? :)

Yes, with the above notes.

Man, I missed a really good opportunity to call this message an "RFP".
:)



* I need to unify this metaphor... it's carrots and coffee rather than
carrots and sticks, since we have no sticks. But on the other hand, I
don't think horses like coffee.



--
~š.
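
An added example, not part of the original thread and not Bodhi or OpenSCAP code: turning update records into an OVAL definitions document of the kind published at the URLs above, with one patch definition per update and an `rpminfo` version check per fixed package. The record fields, the `org.example.fedora` id namespace and all sample values are constructed; a real script would read them from Bodhi.

```python
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
LINUX = OVAL + "#linux"
COMMON = "http://oval.mitre.org/XMLSchema/oval-common-5"

# Constructed sample records; field names are hypothetical, not Bodhi's schema.
UPDATES = [
    {"id": "EXAMPLE-UPDATE-1", "cve": "CVE-0000-0001", "package": "examplepkg", "fixed_evr": "0:1.2.3-4.fc23"},
    {"id": "EXAMPLE-UPDATE-2", "cve": "CVE-0000-0002", "package": "examplepkg", "fixed_evr": "0:1.2.4-1.fc23"},
    {"id": "EXAMPLE-UPDATE-3", "cve": "CVE-0000-0003", "package": "otherpkg", "fixed_evr": "1:2.0-7.fc23"},
]

def sub(parent, ns, tag, text=None, **attrs):
    el = ET.SubElement(parent, f"{{{ns}}}{tag}", attrs)
    el.text = text
    return el

def build_oval(updates, id_ns="org.example.fedora", timestamp="2016-02-08T00:00:00"):
    """Return an oval_definitions element with one patch definition per update."""
    oid = lambda kind, n: f"oval:{id_ns}:{kind}:{n}"
    root = ET.Element(f"{{{OVAL}}}oval_definitions")
    gen = sub(root, OVAL, "generator")
    sub(gen, COMMON, "schema_version", "5.11")
    sub(gen, COMMON, "timestamp", timestamp)
    defs, tests, objs, states = (sub(root, OVAL, t) for t in ("definitions", "tests", "objects", "states"))
    obj_ids = {}  # package name -> object id, so each package gets one shared object
    for n, u in enumerate(updates, start=1):
        d = sub(defs, OVAL, "definition", id=oid("def", n), version="1", **{"class": "patch"})
        meta = sub(d, OVAL, "metadata")
        sub(meta, OVAL, "title", f"{u['id']}: {u['package']} security update")
        sub(meta, OVAL, "reference", source="CVE", ref_id=u["cve"])
        sub(meta, OVAL, "description", f"{u['package']} before {u['fixed_evr']} is affected by {u['cve']}.")
        crit = sub(d, OVAL, "criteria")
        sub(crit, OVAL, "criterion", test_ref=oid("tst", n), comment=f"{u['package']} is earlier than {u['fixed_evr']}")
        if u["package"] not in obj_ids:
            obj_ids[u["package"]] = oid("obj", len(obj_ids) + 1)
            o = sub(objs, LINUX, "rpminfo_object", id=obj_ids[u["package"]], version="1")
            sub(o, LINUX, "name", u["package"])
        t = sub(tests, LINUX, "rpminfo_test", id=oid("tst", n), version="1", check="at least one", comment=f"{u['package']} version check")
        sub(t, LINUX, "object", object_ref=obj_ids[u["package"]])
        sub(t, LINUX, "state", state_ref=oid("ste", n))
        s = sub(states, LINUX, "rpminfo_state", id=oid("ste", n), version="1")
        sub(s, LINUX, "evr", u["fixed_evr"], datatype="evr_string", operation="less than")
    return root

def render(updates):
    for prefix, uri in (("", OVAL), ("linux", LINUX), ("oval", COMMON)): ET.register_namespace(prefix, uri)
    return ET.tostring(build_oval(updates), encoding="unicode")
```

The `less than` comparison on the fixed epoch:version-release is what makes a definition evaluate true on a host that still carries the older package.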