I think I've figured a way forward with macros, and also for how to handle the manual check content.
I propose that we position the manual check content for processing as OCIL, and stored it in-line with the XCCDF (following the description, which we are using to store the configuration/rememdiation actions).
The next patches from me will demonstrate (and also allow for viewing of proposed check content).
It doesn't make legitimate OCIL at all yet -- it's just positioned to become OCIL (so forgive my made-up <ocil> tag for now.) But the later adjustment should be transparent to content authors anyway.
On 09/06/2012 12:56 PM, Michael J. McConachie wrote:
Jeff,
Thanks for the confirmation. I agree about the macro idea -- I ran that by my folks here as well, and I was told that for the time being we'll shelve it, and move forward. I'm glad that I'm not the only one that sees it that way.
As for me, what I thought of doing was matching what OVAL is actually doing at the OS level for its checks, and align it with the description text that the user will see. As you already know, so many people (in the arenas who'll use this product) may/may not trust the check scripts, and they may want to do their own checks.
Will commit per this reply of yours.
Thanks.
Mike