Le 02/01/2018 à 20:39, Shawn Wells a écrit : > > > On 1/2/18 6:58 AM, Marek Haicman wrote: >> Hello Olivier, >> great to hear that you were able to solve the issue! Response times >> are slower here over the holidays... >> >> For the cpe problem, I suggest to use datastreams. It has CPE bundled >> within, so it works out-of-the-box so to say. It wasn't so important >> in the past, where we used only standard CPEs, as these are also >> shipped as part of oscap. But now, as we included support for >> containerized environments (using SSG-based cpe:/a:machine and >> cpe:/a:container), using default will show lots of stuff not applicable. >> >> And I have checked the patch and merged it, thank you! >> Marek > > Thanks Oliver for sending your notes to the mailing list.... even if you > felt if you were just talking to yourself over the holidays :) > > As a community we haven't focused much on developing a good > FAQ/knowledge base/something that archives commonly asked questions. > There's been some talk about potentially using stack overflow for this. > Would that be better than keeping a GitHub wiki page? > > IMHO it would, because of the amount of developers that try stack > overflow first. > > On the other side, most people are subscribed to the mailing list and > may not actively monitor stack overflow... Hello Shawn, Marek and the community,
First of all, thanks for having accept my first patch into the scap-security-guide master branch. I will try to provide other OVAL checks and associated remediations for missing STIG rules in the next day/weeks. In order to answer your questions, as a total newbie into the SSG community so I guess with a complete external point of view, I think the Github wiki page is the good place to add the developer rules. When I tried to write my first check, the documentation I read was the developer guide. In my opinion, I think it would be nice to add things into that documentation. Considering my small experience, I would add for example the advices provided by Marek like using the DS file in stead of the XCCDF. In a more general way, what about adding a chapter telling the commands to use for validating our new checks and remediations. For me, there is already interesting stuff in the developper guide. For me, it was a good starting point for doing my first contributions. Maybe I am old school but compared to SO, I prefer the documentation on the Github pages because it's a centralized place where we can find interesting information. And added to that, the mailing list is also a good channel for additional support because it's also centralized with an easy way to search for data using the archives. Here are my 2 cents. Regards, Olivier _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
