On 07/05/2017 04:17 PM, Robie Basak wrote:
> On Wed, Jul 05, 2017 at 12:26:08PM +0200, Jesus Linares wrote:
>> In Xenial, the oscap version is 1.2.8, that supports OVAL 5.11 and these
>> files work properly. When the *libopenscap8* package will be updated?.
>
> Updated to what version?
>
> If you want something in an existing stable release updated, we
> generally don't do that for new features. That's the point of stable
> releases. See https://wiki.ubuntu.com/StableReleaseUpdates and
> https://wiki.ubuntu.com/UbuntuBackports for more information.

It may make sense to bump the version of openscap in 14.04. It currently can't consume the OVAL data that is generated from the Ubuntu CVE Tracker:

https://people.canonical.com/~ubuntu-security/oval/

The script that generates the OVAL data was contributed to the Ubuntu CVE Tracker project and is not something that the Ubuntu Security Team tests/verifies but the OVAL data is regenerated daily and there are people out there using it. In fact, Jesus Linares contributed a bug fix in the script so that he can make better use of the data.

The reason why openscap in 14.04 can't consume the Ubuntu OVAL data to check the security stance of the system is because OVAL data for Debian based distros relies on deb-specific version comparison support only available in newer OVAL language standards. 14.04's openscap is too old to support the required OVAL language standard.

I doubt anyone out there is making much use of the existing openscap in 14.04. If a newer version, such as what's in 16.04, was pulled back to trusty-updates, it might actually be useful.

Note that I haven't looked at the changes between 14.04 and 16.04's openscap so I don't know how disruptive such a backport would be. I also don't have the time to prepare and test such a backport. I just wanted to elaborate on why Jesus is advocating for the backport as I feel like it could be something worth an exception to the usual SRU rules.

Tyler
-- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
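
The "deb-specific version comparison" mentioned in the message above, as an added example that is not part of the thread and is not openscap's code: a Python port of the Debian version ordering rules (epoch, upstream version, revision), showing cases where plain string comparison gives the wrong answer for a "fixed in version X" check. The function names and the version strings are constructed for illustration.

```python
import re

_DIGITS = "0123456789"

def _weight(s, i):
    """dpkg sort weight of s[i]: '~' < end/digit < letters < everything else."""
    if i >= len(s) or s[i] in _DIGITS:
        return 0
    c = s[i]
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision parts as alternating text and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using dpkg weights.
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            d = _weight(a, i) - _weight(b, j)
            if d:
                return d
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so "22" > "3" and "007" == "7".
        m = re.match(r"[0-9]*", a[i:]).group()
        n = re.match(r"[0-9]*", b[j:]).group()
        d = int(m or 0) - int(n or 0)
        if d:
            return d
        i, j = i + len(m), j + len(n)
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision]; epoch defaults to 0, revision to ''."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    d = (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)
    return (d > 0) - (d < 0)

def is_vulnerable(installed, fixed):
    """'Installed is older than the fixed version' check (simplified)."""
    return deb_compare(installed, fixed) < 0

# Constructed (installed, fixed) pairs where plain string comparison gets it wrong.
SAMPLES = [("1.0.1f-1ubuntu2.22", "1.0.1f-1ubuntu2.3"), ("2.0~rc1-1", "2.0-1")]
```

For the two constructed pairs, lexicographic comparison reports the first as vulnerable and the second as fixed; the Debian ordering gives the opposite result in both cases.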
