I think that the decision was made to eliminate any 'official' government-style mappings in the builds that they simply cannot meet.

I agree that it should really be a flag that you can flip to turn them back on but I understand disabling them by default.

On Sat, Aug 3, 2019 at 6:04 AM Tim Burress <taj@fedoraproject.org> wrote:
Thanks for that! I can't help wondering if people have considered separating CentOS and SL so that they can be treated individually without a lot of workarounds? Given that the rules and the checks are already centralized in linux_os (I think), it seems like there wouldn't be too much duplication, though I the nice thing about the derivatives is that a change in RHEL automatically gets propagated to the derivatives.

Alternatively, I wonder why it was decided to remove profiles like OSPP from CentOS? Of course, no CentOS system could meet all of those criteria (like the need for commercial support), but it seems like that's a user decision, and it's much easier to de-select one rule than to hack the logic that pulls profiles out.

Just some early morning thoughts, though!

Tim
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org


--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --