NACK. If you would like to work on real policy evaluation, there are projects that we can hook you up with. There is a lot more to policy evaluation than what this proposal is and incorporates more work than the members of this project have time for. This problem is being worked on in other spaces and has standards being developed around them which the proposed format doesn't take into consideration.
This is major scope creep to the purpose of this repo which is about security scanning and remediation of content and will fundamentally break our downstream users. This project is not positioned to correctly tackle policy evaluation and is going to slow down our release and build process even further. This is also a roadblock to getting the requests that current customers are demanding completed. There are other higher priority upstream tasks that have received no attention in OpenSCAP, SCAP Workbench, etc. repos. Those need to be dealt with and completed first. On Fri, Jun 5, 2020 at 8:36 AM Jan Cerny <[email protected]> wrote: > Hi, > > The policy source data format proposal is available and ready for > comments. The text has been submitted as a pull request on GitHub to > make the discussion easier using comments and reviews. > See https://github.com/ComplianceAsCode/content/pull/5817 > We are looking forward to seeing your feedback on GitHub. > > What is it about? We will use the policy source data format to improve > development of our profiles. It will allow us to store security > controls and requirements in the repository and then define profiles > by using their IDs instead of separate rules. > > This is done in order to solve the problem that there is no easy way > to demonstrate to profile stakeholders the status of their profile. > > Intended workflow: > > * SME identifies security controls the policy consists of. Those > controls serve as direct input for our profiles. > * SME goes through controls, and makes sure that they are sufficiently > covered by rules. > * SME fine-tunes the profile by overriding a couple of individual > rules in the profile file. > > Once the format is accepted we can start developing tools that support > this new workflow. > > In future, we can also use it for further refactoring, for example > streamlining the generation of HTML tables. > > Best regards > > -- > Jan Černý > Security Technologies | Red Hat, Inc. > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
