[Clip] New to Clip
Karl MacMillan
kmacmillan at tresys.com
Tue Jan 18 09:38:52 CST 2011
> -----Original Message-----
> From: clip-bounces at oss.tresys.com [mailto:clip-bounces at oss.tresys.com]
On
> Behalf Of Aaron Prayther
> Sent: Tuesday, January 18, 2011 10:21 AM
> To: clip at oss.tresys.com
> Subject: Re: [Clip] New to Clip
>
> Is the pending release going to address compatibility issues between
> clip, puppet content and secstate. I was under the impression that
> current clip, puppet content would not be compatible with secstate. I
> never knew the details behind that though.
>
This will be the old clip - so not addressing the integration. There is
no real incompatibility, but the puppet content needs to be crafted to
allow the integrated customization XCCDF and puppet. This is mainly used
to set a variable in XCCDF (such as minimum password length) and have
that automatically picked up by puppet. Additionally, without carefully
writing the puppet it is easy to cause over-remediation when using
secstate to remediate.
Karl
> Aaron Prayther
>
> -----Original Message-----
> From: clip-bounces at oss.tresys.com [mailto:clip-bounces at oss.tresys.com]
> On Behalf Of Karl MacMillan
> Sent: Tuesday, January 18, 2011 10:14 AM
> To: Stephen Smalley; Brandon Whalen
> Cc: clip at oss.tresys.com
> Subject: Re: [Clip] New to Clip
>
>
>
> > -----Original Message-----
> > From: clip-bounces at oss.tresys.com
[mailto:clip-bounces at oss.tresys.com]
> On
> > Behalf Of Stephen Smalley
> > Sent: Thursday, January 13, 2011 9:00 AM
> > To: Brandon Whalen
> > Cc: clip at oss.tresys.com
> > Subject: Re: [Clip] New to Clip
> >
> > On Tue, 2011-01-11 at 13:02 -0500, Brandon Whalen wrote:
> > > John,
> > >
> > > During the last year we (Tresys) have been focusing our efforts on
> > changing
> > > how the lockdown and SCAP validation content of CLIP is built and
> used as
> > > part of the secstate project (https://fedorahosted.org/secstate/).
> While
> > > that has been successful, we currently have a dilemma: secstate
and
> it's
> > > associated content aren't ready to go and CLIP needs updating for
> RHEL
> > 5.5.
> > > Basically, we're trying to decide whether we can get the future
path
> > ready
> > > to go quickly enough for current needs or whether we should keep
> current
> > > CLIP updated for RHEL 5 and move to secstate for RHEL 6.
> > >
> > > My guess is that we'll try to do at least one more CLIP release to
> cover
> > > RHEL 5.5. We have some patches internally and we've had some
> > conversations
> > > with other CLIP users offline about changes that they did for 5.5.
> Do you
> > > have any interest in helping test a 5.5 version?
> >
> > FWIW, RHEL 5.6 was just released, so that makes a 5.5 version
somewhat
> > moot IMHO.
> >
>
> Well, we at least need a 5.5 version for things in progress and we've
> done the work - so a release will likely happen. Hopefully we can then
> do a 5.6.
>
> Karl
>
> > --
> > Stephen Smalley
> > National Security Agency
> >
> > _______________________________________________
> > Clip mailing list
> > Clip at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/clip
> _______________________________________________
> Clip mailing list
> Clip at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/clip
> _______________________________________________
> Clip mailing list
> Clip at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/clip
More information about the Clip
mailing list