Bug 1038655

Summary: [RFE] Inclusion of scap-security-guide in RHEL
Product: Red Hat Enterprise Linux 6 Reporter: David Sirrine <dsirrine>
Component: openscapAssignee: Šimon Lukašík <slukasik>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 6.6CC: bbenson, degts, jduncan, jlieskov, pvrabec, slukasik, swells
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1108067 (view as bug list) Environment:
Last Closed: 2014-07-04 18:44:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1066390    
Bug Blocks: 994246, 1108067    

Description David Sirrine 2013-12-05 15:19:59 UTC 
1) What is the nature and description of the request?
   This request is to identify a package maintainer to include the scap-security-guide into the standard RHEL repositories which are currently available only from EPEL (https://fedorahosted.org/scap-security-guide/).

2) Business Requirements
   Red Hat currently provides the libraries and capabilities to interface with SCAP on a few different fronts, most notably through Satellite. The technical data is still not provided by Red Hat directly through the supported RHEL base channels. This causes compliance issues within customer who does not allow the use of EPEL software. Adding this will help customers make informed decisions on security as it applies to their server hardening. 

3) Functional Requirements
   Identify business unit and package maintainer to collect updates from upstream and package them for distribution in RHEL base channels.

4) Is there already an RFE? 
   No

5) Timeline
   Currently there is no specific required version for inclusion by the customer, though inclusion is required eventually.

6) Is the sales team involved in this request?
   No

7) Affected packages:
   openscap and scap-security-guide

8) Customer testing:
   Customer is willing to test functionality when it is considered for implementation.
Comment 3 Shawn Wells 2014-02-13 17:05:56 UTC 
(In reply to David Sirrine from comment #0)
> 1) What is the nature and description of the request?
>    This request is to identify a package maintainer to include the
> scap-security-guide into the standard RHEL repositories which are currently
> available only from EPEL (https://fedorahosted.org/scap-security-guide/).
> 
> 2) Business Requirements
>    Red Hat currently provides the libraries and capabilities to interface
> with SCAP on a few different fronts, most notably through Satellite. The
> technical data is still not provided by Red Hat directly through the
> supported RHEL base channels. This causes compliance issues within customer
> who does not allow the use of EPEL software. Adding this will help customers
> make informed decisions on security as it applies to their server hardening. 
> 
> 3) Functional Requirements
>    Identify business unit and package maintainer to collect updates from
> upstream and package them for distribution in RHEL base channels.
> 
> 4) Is there already an RFE? 
>    No
> 
> 5) Timeline
>    Currently there is no specific required version for inclusion by the
> customer, though inclusion is required eventually.
> 
> 6) Is the sales team involved in this request?
>    No

Feel free to use myself as the sales rep for this (on behalf of U.S. Public Sector).

Dave Egts as our chief technologist.



> 
> 7) Affected packages:
>    openscap and scap-security-guide
> 
> 8) Customer testing:
>    Customer is willing to test functionality when it is considered for
> implementation.

Happy to add color around customer demand for this as needed.
Comment 4 David Sirrine 2014-02-14 15:17:05 UTC 
Shawn,

Thank you for supplying this feedback here. This RFE coincides with bug 1059921 to help increase documentation of OpenSCAP within the product. I, as well as others, are seeing quite a bit of interest in OpenSCAP, and the better we can provide documentation and usability, the more likely it is they will use it. If there are any questions, comments, or concerns. Please feel free to reach out.

Regards,

David Sirrine, RHCE
Technical Account Manager
Global Support Services
Comment 5 Shawn Wells 2014-02-19 17:14:34 UTC 
Question: Is there a reason this BZ is marked employee internal? Can we open this up to the public? Customer specific RFE comments can be marked private.
Comment 6 David Sirrine 2014-02-19 18:37:35 UTC 
Answer: No. No reason this is marked employee internal. Should have been public to begin with.
Comment 7 Shawn Wells 2014-02-19 20:15:10 UTC 
(In reply to David Sirrine from comment #6)
> Answer: No. No reason this is marked employee internal. Should have been
> public to begin with.

Thanks. Clearing RHT internal flags.
Comment 10 Shawn Wells 2014-02-25 22:45:37 UTC 
(In reply to Shawn Wells from comment #7)
> (In reply to David Sirrine from comment #6)
> > Answer: No. No reason this is marked employee internal. Should have been
> > public to begin with.
> 
> Thanks. Clearing RHT internal flags.

Looks like I missed an internal flag. Setting to public.
Comment 14 Šimon Lukašík 2014-07-04 18:44:52 UTC 
The effort to include scap-security-guide is tracked under bug 1066390. The scap-security-guide package has been handovered to QA and it is on its way to live.

Thank you guys for the feature request! And kudos to Jan for taking maintainership!

*** This bug has been marked as a duplicate of bug 1066390 ***