Please include the openscap package in RHEL6. This will provide a common SCAP implementation that various tools can use.
Under what circumstances should it be installed?
The package, at this point, does not need to be installed until needed. The openscap package is to provide the foundation for SCAP enabled tools. SCAP will find its way into our layered products, we have partners that can leverage it just by it being available, our security response team can issue perl scripts that customers can use to check their patch level, some of our security guidance doc writers would like to swing their tools over to take advantage of this if its known to be included, and it would also make a big statement that we intend to back SCAP.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
Please also include the openscap package in upcoming releases of RHEL4 and RHEL5. Current customers need the same capability.
Government customers have a difficult time finding the right package version for a given IA requirement. In some cases, there's a CVE number, and that's made useful by the yum-security plugin and the RHN http://rhn.redhat.com/cve/CVE-xxxx-xxxx.html content. Sometimes, there is no CVE number. In either case, many have grown accustomed to writing their own scripts to parse the rpm changelog for the fix that they need. This is obviously wrong, but there's no good alternative -- especially if they're disconnected from RHN. Users can download OpenSCAP today. It's not supported, but it's able to read the Security Response Team's OVAL content, which can be downloaded and used offline. Support for NIST's XCCDF content for RHEL is almost there, and later in 2009 will have full SCAP support.
*** Bug 449163 has been marked as a duplicate of this bug. ***
Successfully verified on all archs.
Package openscap-0.5.6-1.el6 is included in RHEL6-20100408.0 tree, rpmbuild successfully builds the package, all functionality work as expected according to self-test.
However there is a minor issue on i386 (BZ#581851), it's definitely not a blocking bug.
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.