Bug 503593

Summary: Include openscap package
Product: Red Hat Enterprise Linux 6
Reporter: Steve Grubb <sgrubb>
Component: openscap
Assignee: Peter Vrabec <pvrabec>
Status: CLOSED CURRENTRELEASE
QA Contact: Ondrej Moriš <omoris>
Severity: high
Priority: high
Version: 6.0
CC: degts, ebenes, notting, pvrabec, rring, snagar, syeghiay, tao
Target Milestone: rc
Keywords: FutureFeature
Hardware: All
OS: Linux
Fixed In Version: openscap-0.5.11-1.el6
Doc Type: Enhancement
Last Closed: 2010-07-02 19:39:34 UTC
Bug Blocks: 519820

Description Steve Grubb 2009-06-01 19:54:54 UTC
Please include the openscap package in RHEL6. This will provide a common SCAP implementation that various tools can use.

Comment 1 Bill Nottingham 2009-06-02 18:47:56 UTC
Under what circumstances should it be installed?

Comment 2 Steve Grubb 2009-06-02 19:04:19 UTC
The package, at this point, does not need to be installed until needed. The openscap package is to provide the foundation for SCAP-enabled tools. SCAP will find its way into our layered products, we have partners that can leverage it just by it being available, our security response team can issue Perl scripts that customers can use to check their patch level, some of our security guidance doc writers would like to swing their tools over to take advantage of this if it's known to be included, and it would also make a big statement that we intend to back SCAP.

Comment 4 RHEL Program Management 2009-06-15 21:01:26 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 5 Rick Ring 2009-06-22 14:16:35 UTC
Please also include the openscap package in upcoming releases of RHEL4 and RHEL5.  Current customers need the same capability.

Government customers have a difficult time finding the right package version for a given IA requirement. In some cases, there's a CVE number, and that's made useful by the yum-security plugin and the RHN http://rhn.redhat.com/cve/CVE-xxxx-xxxx.html content. Sometimes, there is no CVE number. In either case, many have grown accustomed to writing their own scripts to parse the rpm changelog for the fix that they need. This is obviously wrong, but there's no good alternative -- especially if they're disconnected from RHN. Users can download OpenSCAP today. It's not supported, but it's able to read the Security Response Team's OVAL content, which can be downloaded and used offline. Support for NIST's XCCDF content for RHEL is almost there, and later in 2009 it will have full SCAP support.

Comment 6 Steve Grubb 2009-09-28 20:59:32 UTC
*** Bug 449163 has been marked as a duplicate of this bug. ***

Comment 9 Ondrej Moriš 2010-04-14 13:22:54 UTC
Successfully verified on all archs.

Package openscap-0.5.6-1.el6 is included in the RHEL6-20100408.0 tree, rpmbuild successfully builds the package, and all functionality works as expected according to the self-test.

However, there is a minor issue on i386 (BZ#581851); it's definitely not a blocking bug.

Comment 10 releng-rhel@redhat.com 2010-07-02 19:39:34 UTC
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.