On Tuesday, June 18, 2019 11:59:05 AM EDT Boyce, Kevin P [US] (AS) wrote: > Maybe what Philippe means is a carefully tested auditd shouldn't be > considered "alpha" anymore?
That's a fair point. :-) I've considered it Alpha because it's missing container support. IOW, it's not feature complete. Container support was listed as the main benefit for calling this 3.0. There probably won't be a beta release. It will probably just go straight to release after initial testing and then cleanup problems/ round out support on a 3.0.1 release. -Steve > -----Original Message----- > From: linux-audit-boun...@redhat.com <linux-audit-boun...@redhat.com> On > Behalf Of Steve Grubb Sent: Tuesday, June 18, 2019 10:36 AM > To: linux-audit@redhat.com > Cc: MAUPERTUIS, PHILIPPE <philippe.maupert...@equensworldline.com> > Subject: EXT :Re: audit-3.0 > > Hello Philippe, > > On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote: > > On the mailing list a few days ago, it was announce that Audit-3.0 > > alpha8 was available. I am a little bit confused because on a RHEL 8 > > server I get > > > > rpm -q audit > > audit-3.0-0.10.20180831git0047a6c.el8.x86_64 > > What are the link between the Rhel 8 rpm and the version audit-3.0 > > announced. > > The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. > The package version should be a clue that this is a git snapshot. The > Fedora packaging guidelines say that if it is a pre-release git snapshot, > version must start with 0 so it can be overridden in the future, and the > date + git + last commit hash must be included so that anyone can identify > exactly what this is. > > I can't imagine RHEL8 using an alpha version. > > Why? Anything put into RHEL is carefully tested. (Fedora has also been > running on alpha/git snapshots for about a year, too.) Also, I stopped > feature development in audit-3.0 around August of last year. Everything > going in since then has been bugs reported or discovered or at most small > patches to support new kernel features. So, audit userspace should be > considered as becoming mature, stable code that will not be developed at > the same pace as before. > > I expect that when container support lands, there will be a couple rounds > of development to make it nice to use. But then its back to listening for > bug reports. > > To be honest, I think at this point anything of value is really higher up > the stack. IOW, visualizing, aggregating, or alerting at scale. > > -Steve > > > As the side note the Rhel 8 rpm has the following description rpm -qi > > audit > > Name : audit > > Version : 3.0 > > Release : 0.10.20180831git0047a6c.el8 > > Architecture: x86_64 > > Install Date: Mon 17 Jun 2019 05:55:23 PM CEST > > Group : Unspecified > > Size : 678098 > > License : GPLv2+ > > Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID > > 199e2f91fd431d51 Source RPM : > > audit-3.0-0.10.20180831git0047a6c.el8.src.rpm > > Build Date : Wed 09 Jan 2019 06:26:29 PM CET Build Host : > > x86-vm-06.build.eng.bos.redhat.com > > Relocations : (not relocatable) > > Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> > > Vendor : Red Hat, Inc. > > URL : http://people.redhat.com/sgrubb/audit/ > > Summary : User space tools for 2.6 kernel auditing > > > > Of course the kernel for REHL8 is : > > rpm -q kernel > > kernel-4.18.0-80.el8.x86_64 > > > > Any clarification is welcome > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
