Shawn, I like your explanation and naming of the components. OpenSCAP as the umbrella project name makes sense.
Greg On Thu, May 1, 2014 at 2:31 PM, Shawn Wells <[email protected]> wrote: > > On 4/30/14, 10:39 AM, Martin Preisler wrote: > > ----- Original Message ----- > > > From: "Jan Lieskovsky" <[email protected]> <[email protected]>> To: > "SCAP Security Guide" <[email protected]> > <[email protected]>> Cc: "Peter Vrabec" > <[email protected]> <[email protected]>, "Simon Lukasik" > <[email protected]> <[email protected]>, "Martin Preisler"> > <[email protected]> <[email protected]>> Sent: Wednesday, April 30, 2014 > 4:08:04 PM> Subject: [RFC] SCAP security guide to become member of larger > community - OpenSCAP ecosystem by changing it's name to> OpenSCAP security > guide?> > Hello folks,> > in effort to increase discoverability of security > compliance solutions,> Simon created github's entry for OpenSCAP ecosystem > yesterday:> [1] https://github.com/OpenSCAP> > collecting all the relevant > tools / products, necessary to perform> security compliance checks in > automated way. The intention of this> ecosystem is to have all the parts > available at one place, so people> interested in automated SCAP scans > wouldn't need to search for:> * the scanner,> * tailoring / remediation > tool,> * the content itself> at three different locations.> > For now those > repositories are just mirrors of their parental ones> (copies which will get > updated on regular basis - Simon can clarify> how often).> > Together with > this change, we have received proposal of icon / logo> for the SCAP security > guide project. Though yet before you download> & inspect the attached > tarballs, I need to mention, there are two> versions of the icons attached:> > * one is for current "SCAP Security Guide" project name> > (SCAP_logos_SCAP_security_guide.tar.gz),> * the second to see the proposal if > the name of the project would change> to "OpenSCAP Security Guide" > (OpenSCAP_logos_SCAP_security_guide.tar.gz)> > Since there's effort to create > OpenSCAP ecosystem, of which SCAP security> guide> project is its > indisputable part, besides cloning the repository, the other> natural > subsequent step, coming to mind is to have the project renamed> from SCAP > security guide to OpenSCAP security guide.> > In our opinion, look at > OpenSCAP ecosystem [1] might induce the potential> user's impression, the > whole project being organized properly (all parts> being available at one > place and all parts named by same prefix, differing> just by component's > name).> > The pros / cons of the name change as I was able to collect are as > follows:> > Pros:> * whole (security compliance) solution can be viewed / > looked at like> having organized & unified form (distinguished just by > component's name /> colour of the icon),> > * all the necessary bits are > reachable at one place (=> lowering the> potential> user's "start barrier" > in effort to get familiar with the concept)> > Cons:> * user's accustomed to > old name might get confused. It might need to take> some time till they get > accustomed to start using new name,> > * the content being named "OpenSCAP > Security Guide" (IOW with OpenSCAP brand)> might induce the impression, > it's not usable in other tools / scanners> than just by OpenSCAP one. This > could be overcome by us providing tutorial> articles / images pinpointing > the use of SCAP Security Guide content with> tools (scanners) other than > OpenSCAP to disperse the potential confusion> (clearly state it's possible > to use it in other scanners too).> > To express my subjective opinion I like > the idea of the project to be> renamed to "OpenSCAP Security Guide". But > wanted to know wider opinions> from the community on the potential > translation. > > I think it's not necessary to rename the projects themselves. However I am > all for promoting the OpenSCAP "umbrella" and cross linking the projects. > Renaming the projects would be very costly and confusing for existing users. > The benefits aren't worth it IMO. > > In my opinion scap-security-guide should stay as is because > openscap-security-guide implies a tool lock-in which is not the case. > > > Jan, thank you for starting this conversation! I'm *very* much in favor > of a unified umbrella/naming. > > As sgrubb pointed out, OpenSCAP has classically been the interpreter. If > we rename SSG to "OpenSCAP Security Guide," the name creates an impression > the content would only work with OpenSCAP. For this reason, are you > proposing we change the OpenSCAP interpreter as well? e.g.: > > OpenSCAP: A portfolio of open source SCAP utilities and content, which > includes: > * OpenSCAP Workbench: Used for tailoring content (formerally > scap-workbench) > * OpenSCAP Interpreter: A cross platform, open source SCAP > interpreter) > * OpenSCAP Content: An open source project delivering a > large body of SCAP content. Used as upstream for such profiles as the STIG > and C2S > * OpenSCAP Anaconda Plugin: A project to integrate SCAP > scanning into Linux provisioning > * OpenSCAP Spacewalk Plugin: A project to integrate centralized > SCAP scanning into the Spacewalk/Satellite system management software > > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
