RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 503593 - Include openscap package
Summary: Include openscap package
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openscap
Version: 6.0
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Peter Vrabec
QA Contact: Ondrej Moriš
URL:
Whiteboard:
: 449163 (view as bug list)
Depends On:
Blocks: 519820
TreeView+ depends on / blocked
 
Reported: 2009-06-01 19:54 UTC by Steve Grubb
Modified: 2018-10-27 12:31 UTC (History)
8 users (show)

Fixed In Version: openscap-0.5.11-1.el6
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-07-02 19:39:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Steve Grubb 2009-06-01 19:54:54 UTC 
Please include the openscap package in RHEL6. This will provide a common SCAP implementation that various tools can use.
Comment 1 Bill Nottingham 2009-06-02 18:47:56 UTC 
Under what circumstances should it be installed?
Comment 2 Steve Grubb 2009-06-02 19:04:19 UTC 
The package, at this point, does not need to be installed until needed. The openscap package is to provide the foundation for SCAP enabled tools. SCAP will find its way into our layered products, we have partners that can leverage it just by it being available, our security response team can issue perl scripts that customers can use to check their patch level, some of our security guidance doc writers would like to swing their tools over to take advantage of this if its known to be included, and it would also make a big statement that we intend to back SCAP.
Comment 4 RHEL Program Management 2009-06-15 21:01:26 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 5 Rick Ring 2009-06-22 14:16:35 UTC 
Please also include the openscap package in upcoming releases of RHEL4 and RHEL5.  Current customers need the same capability.

Government customers have a difficult time finding the right package version for a given IA requirement. In some cases, there's a CVE number, and that's made useful by the yum-security plugin and the RHN http://rhn.redhat.com/cve/CVE-xxxx-xxxx.html content. Sometimes, there is no CVE number. In either case, many have grown accustomed to writing their own scripts to parse the rpm changelog for the fix that they need. This is obviously wrong, but there's no good alternative -- especially if they're disconnected from RHN.  Users can download OpenSCAP today. It's not supported, but it's able to read the Security Response Team's OVAL content, which can be downloaded and used offline. Support for NIST's XCCDF content for RHEL is almost there, and later in 2009 will have full SCAP support.
Comment 6 Steve Grubb 2009-09-28 20:59:32 UTC 
*** Bug 449163 has been marked as a duplicate of this bug. ***
Comment 9 Ondrej Moriš 2010-04-14 13:22:54 UTC 
Successfully verified on all archs.

Package openscap-0.5.6-1.el6 is included in RHEL6-20100408.0 tree, rpmbuild successfully builds the package, all functionality work as expected according to self-test. 

However there is a minor issue on i386 (BZ#581851), it's definitely not a blocking bug.
Comment 10 releng-rhel@redhat.com 2010-07-02 19:39:34 UTC 
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
Note You need to log in before you can comment on or make changes to this bug.