On Fri, 05 Feb 2016 02:47:03 -0000 "Roger Greenwell" <[email protected]> wrote:
> Community Participants, > > Earlier this week a post was made to this forum/thread that made > disparaging comments regarding DISA’s leadership over the STIG > development process and our contractor’s support in this effort. I > want to share with this group that DISA government leadership is > fully in charge of our actions/decisions and our contract staff is > there to provide support to us. > > Having just signed into this forum tonight, I noted the following > from Fedora’s Rules of Conduct: “Be respectful. Not all of us will > agree all the time, but disagreement is no excuse for poor behavior > and poor manners. We might all experience some frustration now and > then, but we cannot allow that frustration to turn into a personal > attack. It's important to remember that a community where people feel > uncomfortable or threatened is not a productive one.” To the author > of this, WELL SAID!!!! I reread that posting based on this note. To me, it all seems to be a statement of several facts with the exception of one sentence. Typically this guideline is invoked when there are personal attacks. While the post in question is a bit unusual, its not on the scale of the personal attacks that I've seen or recieved on other open source forums. > Shawn Wells, in his post, noted that DISA has been a cooperative > partner in the STIG process. I think the key to the statement is _in the past_. In the past we had an agreement that the stig audit rules would be published in the audit package. This is based on people that are not experts trying to read the rules and come up with audit rules. They typically flood their logs with useless information and eventually wind up on the linux audit mail list asking for help. Since then, there has been no communication to say that the rules need to be changed. Thus I was surprised to see a post like this: https://www.redhat.com/archives/linux-audit/2015-August/msg00012.html Having good rules is in everyone's best interest. It reduces support for us and frustration for end users. Typically this is done by participating in a community of like minded individuals where rules can be discussed and a consensus developed. Throwing new rules over the wall to see if anyone will comment is not exactly the open source way. > DISA greatly values the contributions > and recommendations from Red Hat and communities such as this, and > it’s welcomed. I would say the reverse is true as well. I think we would rather have a dialog and develop the SCAP content on the mail list. -Steve > I would simply ask that everyone please be > respectful. If there are concerns outside of the technical area > associated with this, please drop me a line and we can discuss. My > email address is [email protected]. > > Respectfully, > Roger Greenwell > Chief, Cybersecurity – DISA > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] > https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
