Considering the amount of content that needs to be updated for new releases of STIG and replacement of authconfig, updates to pam checks, etc. I would consider this a very low priority at this time.
On Wed, Dec 18, 2019 at 9:18 AM Matěj Týč <[email protected]> wrote: > ... > > Alternatively, many the rules are operating system aware. If a >> RHEL7-focused check is enabled in the RHV profile, and the underlying host >> is RHEL 8-based, will the evaluation results showup as "notapplicable" with >> proper CPE usage? >> > Well, yes. But we don't label the rules with CPE for product specific > versions. > There is 'prodtype' used to label the rules, but it is used to decide > whether to include the rule in the DS. It is not used in any way for Rule > applicability with CPE. > > I would just add that proper support of CPE Applicability Language within > the project's build system is required to handle this in a scalable manner. > At this moment, a large amount of rules in the project uses various > workarounds to achieve this behavior. Implementation of CPE AL is a > necessary condition for the project's growth, and it is a feature with one > of the highest priorities in our tech debt reduction wishlist, and we see > this as a confirmation of our earlier conclusions. > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
