Bug 1133963

Summary: Rebase scap-security-guide in Red Hat Enterprise Linux 6 to current upstream version
Product: Red Hat Enterprise Linux 6 Reporter: Jan Lieskovsky <jlieskov>
Component: scap-security-guideAssignee: Jan Lieskovsky <jlieskov>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.7CC: dapospis, ebenes, jlieskov, ksrot, mpreisle, pvrabec, rdoty, sforsber, slukasik, stephan.duehr, swells, tlavigne
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.21-3.el6 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-22 06:45:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1153397, 1159926, 1160321    

Description Jan Lieskovsky 2014-08-26 14:34:53 UTC
Description of problem:

The development model of scap-security-guide project (happening at https://github.com/OpenSCAP/scap-security-guide) is pretty agile / prompt (in the sense the available SCAP content is evolving pretty quickly. For the purposes of statistics, based on previous experience, it's about 70 changes per release). The current version of scap-security-guide package in Red Hat Enterprise Linux 6 is based on upstream 0.1.18 version.

This bug is to track request of scap-security-guide RPM rebase to more recent (current upstream version) in upcoming releases of Red Hat Enterprise Linux 6.

Comment 2 Jan Lieskovsky 2014-10-10 10:06:15 UTC
Headlines of (upcoming) 0.1.20 features:
* RHEL-6 USGCB kickstart support,
* stabilization of RHEL-6 USGCB OVAL checks & remediations

Comment 4 Shawn Wells 2014-11-04 15:30:29 UTC
To prepare for a RHEL 6.7 rebase, when should upstream have their code freeze? 

Thanks!
Shawn

Comment 5 Jan Lieskovsky 2014-11-11 14:13:45 UTC
(In reply to Shawn Wells from comment #4)
> To prepare for a RHEL 6.7 rebase, when should upstream have their code
> freeze? 
> 
> Thanks!
> Shawn

From SSG upstream PoV there are two main features, that should go into future / next SSG releases:
* USGCB kickstart support for Red Hat Enterprise Linux 6, and
* JBossEAP 5 content support.

Given the USGCB kickstart support is ~month away from completion, let's consider it will be implemented by the end of this year (time reserve due to end year holidays). Counting ~1,5 months for the second feature, we are in the middle of February. So let's round the date(s) as follows:
* 0.1.20 upstream release by end of this year,
* 0.1.21 at 20-th February of 2015 (the date to be easily memorable).

Comment 25 Stephan Dühr 2015-07-15 08:27:09 UTC
The RHEL 6.7 beta Package scap-security-guide-0.1.21-2.el6.noarch.rpm still has a dependency on openscap-utils, but it should depend on openscap-scanner as RHEL 6.7 beta now has a separate openscap-scanner package. Dependending on openscap-utils leads to installation of eg. rpm-build, rpmdevtools, gdb.

Comment 26 Jan Lieskovsky 2015-07-15 11:31:19 UTC
(In reply to Stephan Dühr from comment #25)
> The RHEL 6.7 beta Package scap-security-guide-0.1.21-2.el6.noarch.rpm still
> has a dependency on openscap-utils, but it should depend on openscap-scanner
> as RHEL 6.7 beta now has a separate openscap-scanner package. Dependending
> on openscap-utils leads to installation of eg. rpm-build, rpmdevtools, gdb.

Thank you for your report, Stephan. I have filed:
  https://bugzilla.redhat.com/show_bug.cgi?id=1243396

bug to track the request scap-security-guide RPM instead of openscap-utils to (R / BR) depend the lightweight openscap-scanner package.

Comment 28 errata-xmlrpc 2015-07-22 06:45:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1334.html