
Bug#853903: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard



Hi,


>> 1) one single changelog entry, targeting sid and initial release
>> (Closes: #ITP)

> 1) Exactly, targeting sid only for now.

please use "unstable" as target suite, not "sid", and use the -1 revision
until it gets sponsored (dput -f, mentors won't complain)

>> 8) does not build twice in a row (not a real issue)

> 8) Ok. I have to check why. I build through gbp and pbuilder so I didn't
> see this issue

because gbp and pbuilder work in a clean environment, they don't build it twice
in the same location.

>> 11) debian/README.Debian might be made more aware of directories, e.g.
>> "/usr/share/ssg" might save some sed'ing before running the command,
>> unless you want to change the package name in the near future

> 11) I've updated the file to be more explicit. Yet I think that it still
> needs some more content.

yes, having something to copy-paste might be useful

> Why libopenscap8 & scap-workbench & scap-security-guide are separated:
>
> libopenscap8 is a set of tools using the SSG benchmarks to validate the
> current OS security policy in comparison with official ones such as
> PCI-DSS, NIST SP-800, ANSSI best practices, etc. Nevertheless, the
> following case exists:
> 1) Hosting the security policy on a security server
> 2) Hosting libopenscap on various targets
> 3) Launching security policy validation on remote targets automatically
> using ansible, foreman, oscap-ssh or others to validate the policy of
> each remote host from a single policy server and aggregate the results
>
> In that case, the security policy server only hosts the security
> policies, not libopenscap8. You will have something like that:
> https://www.theforeman.org/plugins/foreman_openscap/0.4/

ok

> I've updated the scap-security-guide package to set libopenscap as
> "Recommends" instead of Depends at runtime for all binary packages.
>
> All these updates have been made in the 0.1.31-8 release of the package:
>
> https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-8.dsc

and now the new review:

that debian/lib and python changelog patch does not scale
(version hardcoded in the python script).
I'd prefer no changelog to something hacky like this...

in the future I really would like to see upstream shipping the changelog

other stuff seems good to me

G.
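The "validate each remote host from a single policy server and aggregate the results" setup quoted in the thread needs something on the policy server that reads the result files coming back. The script below is an added example, not code from this mail, from the Debian package or from the OpenSCAP project. It assumes every target was evaluated with something like `oscap xccdf eval --profile <id> --results <host>.xml <datastream>` (locally or via oscap-ssh) and the `<host>.xml` files were copied back; hostnames, rule ids and outcomes are constructed sample data, and one host's file is deliberately truncated to show that a broken transfer is reported rather than silently dropped.

```python
"""Aggregate XCCDF evaluation results collected from several hosts.

Added example; not code from the mail, the Debian package or OpenSCAP.
Assumes each target produced an XCCDF results file with
`oscap xccdf eval --profile <id> --results <host>.xml <datastream>`.
Hostnames, rule ids and outcomes below are constructed sample data.
"""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List, Tuple

# oscap writes XCCDF 1.2 results; older content still uses the 1.1
# namespace, so both are accepted.
XCCDF_NAMESPACES = (
    "http://checklists.nist.gov/xccdf/1.2",
    "http://checklists.nist.gov/xccdf/1.1",
)

# Rule outcomes that should be listed per host in the report.
NEEDS_ATTENTION = {"fail", "error", "unknown"}

# Constructed sample results (real oscap output carries many more elements).
SAMPLE_RESULTS = {
    "web01": """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_SAMPLE">
  <TestResult id="xccdf_org.open-scap_testresult_sample">
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_telnetd_removed"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_sample_minlen"><result>notapplicable</result></rule-result>
  </TestResult>
</Benchmark>""",
    "db01": """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_SAMPLE">
  <TestResult id="xccdf_org.open-scap_testresult_sample">
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_telnetd_removed"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_sample_minlen"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>""",
    # A host whose transfer was cut short: the file is truncated and must
    # show up in the report instead of vanishing from it.
    "app01": """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_SAMPLE">
  <TestResult id="xccdf_org.open-scap_testresult_sample">
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login"><result>pass""",
}


def parse_rule_results(xml_text: str) -> Dict[str, str]:
    """Return {rule idref: result} for every <rule-result> in one results file.

    Raises ET.ParseError for a malformed document.
    """
    root = ET.fromstring(xml_text)
    results: Dict[str, str] = {}
    for ns in XCCDF_NAMESPACES:
        for rr in root.iter("{%s}rule-result" % ns):
            res = rr.find("{%s}result" % ns)
            idref = rr.get("idref")
            if idref is None or res is None or not (res.text or "").strip():
                continue  # incomplete rule-result: ignore rather than guess
            results[idref] = res.text.strip()
    return results


def aggregate(results_by_host: Dict[str, str]) -> Tuple[Dict[str, Counter], Dict[str, List[str]], List[str]]:
    """Per-host outcome counts, hosts per offending rule, and unparseable hosts."""
    per_host: Dict[str, Counter] = {}
    failing: Dict[str, List[str]] = {}
    unparseable: List[str] = []
    for host in sorted(results_by_host):
        try:
            rules = parse_rule_results(results_by_host[host])
        except ET.ParseError:
            unparseable.append(host)
            continue
        per_host[host] = Counter(rules.values())
        for rule, res in rules.items():
            if res in NEEDS_ATTENTION:
                failing.setdefault(rule, []).append(host)
    return per_host, failing, unparseable


def report(results_by_host: Dict[str, str]) -> str:
    """Plain-text summary suitable for a cron mail from the policy server."""
    per_host, failing, unparseable = aggregate(results_by_host)
    lines = []
    for host, counts in per_host.items():
        lines.append("%s: %s" % (host, ", ".join("%s=%d" % kv for kv in sorted(counts.items()))))
    for rule, hosts in sorted(failing.items()):
        lines.append("NEEDS ATTENTION %s on %s" % (rule, ", ".join(hosts)))
    for host in unparseable:
        lines.append("NO RESULT from %s (malformed results file, re-run the evaluation)" % host)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RESULTS))
```

Iterating over both namespaces is what makes the same parser usable for results produced from older XCCDF 1.1 content; the per-rule view (which hosts fail a given rule) is usually more useful to the person fixing things than the per-host counts alone.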