On Wed, 16 Sep 2015 15:28:18 -0500 Bruno Wolff III <[email protected]> wrote:
> I was looking at what is available for checks in Fedora compared to > RHEL by using scap-workbench customization and found tha Fedora was > missing a lot, even when the test commands were available (e.g yum > check-update) in Fedora. I think its a matter of man power vs priorities. I think attention will turn to Fedora once RHEL6 & 7 content is stable. > I can believe that doing CVE checks for Fedora would be a significant > amount of ongoing work that no one might want to do, but most stuff > that works in RHEL is probably available in Fedora. I have proposed a number of times to have bodhi generate OVAL code for every security release of a package. It would be simple to add a couple fields to the page for maintainers to fill out. Then we can have CVE scans of Fedora. This would be a nice addition. > And new stuff in > Fedora that requires changes is likely to eventually show up in > future RHEL versions and not be completely extra work. Right. Its a matter of getting other things done first. -Steve -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
