This bug was initially created as a copy of Bug #2222583 I am copying this bug because: This issue also affects RHEL7. Description of problem: When trying to scan with ssg-rhel7-ds profile, the remote resource is not available anymore on Red Hat web site: -----------8< -----------8< -----------8< -----------8< -----------8< ----------- # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 2>&1 | grep 'WARNING:' WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL7.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2' file which is referenced from datastream -----------8< -----------8< -----------8< -----------8< -----------8< ----------- File not found: -----------8< -----------8< -----------8< -----------8< -----------8< ----------- # curl -s -I -w "%{http_code}" 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2' -o /dev/null 404 -----------8< -----------8< -----------8< -----------8< -----------8< ----------- Only V2 version are available in https://access.redhat.com/security/data/oval Why the old versions have been removed, even if they are not updated anymore, they are needed for previous packages. > Version-Release number of selected component (if applicable): scap-security-guide-0.1.66-1.el7_9.noarch > How reproducible: always > Steps to Reproduce: 1. yum install scap-security-guide.noarch 2. run command # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 3. > Actual results: Profile not updated > Expected results: Remote ressource available on Red Hat web site > Additional info: This issue affects all OSCAP user of RHEL7.
Fixed upstream: https://github.com/ComplianceAsCode/content/pull/10842