
Bug#853903: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard



Package: sponsorship-requests
Severity: wishlist

Dear mentors,

First, thanks Tobi for your message!

I've corrected Warnings and Informational from lintian. Pedantic ones are harder to correct:
- there is no explicit upstream changelog in sources, the scap-security-guide.spec is used as a changelog file. I deploy it through the ssg-base package
- other binary packages don't deploy this file, ssg-base being a dependency of all other binary packages
- there is no GPG check available on the GitHub repository for uscan
- the .svn control dir is voluntary in the upstream sources, used as a "git submodule"-like mechanism for the Red-Hat specific documentation
- duplicated files are due to current work on a new PCIDSS derivative on which the RedHat team is working. When the 0.1.31 version was released, the derivative was just a duplication of the PCIDSS content.


To continue this mail in a standard way... I am looking for a sponsor for my package "scap-security-guide"

Package name    : scap-security-guide
Version         : 0.1.31-6
Upstream Author : Watson Yuuma Sato (wsato@redhat.com)
URL             : https://www.open-scap.org/security-policies/scap-security-guide/
License         : unlicenced (see https://github.com/OpenSCAP/scap-security-guide/blob/master/LICENSE)
Section         : admin

It builds those binary packages:

 ssg-base   - SCAP Security guide base content and documentation
 ssg-debian8 - SCAP Guides and benchmarks targeting Debian 8
 ssg-firefox - SCAP Guides and benchmarks targeting Firefox Browser
 ssg-jre    - SCAP Guides and benchmarks targeting Java Runtime Environment
 ssg-rhel5  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 5
 ssg-rhel6  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 6
 ssg-rhel7  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 7
 ssg-ubuntu1604 - SCAP Guides and benchmarks targeting Ubuntu 16.04
 ssg-webmin - SCAP Guides and benchmarks targeting Webmin

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/scap-security-guide


Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-6.dsc

More information about scap-security-guide can be obtained from https://www.open-scap.org/security-policies/scap-security-guide
The repository is on https://github.com/OpenSCAP/scap-security-guide

Changes since the last upload:

  * Various corrections for lintian conformity. Only pedantic and experimental are still present.

About SCAP-security-guide:

SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian.

The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides
for various targets not deployed by the OpenSCAP core package, but
supported by the SCAP-security-guide community in which I work as
a contributor for Ubuntu, Debian and ANSSI best practices.

Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployment against standard security policies such as ANSSI
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool with the above benchmarks through ssh (e.g.) or on VM
or docker templates.


 Regards,
   Philippe Thierry

