open_agenda
LOGS 
16:03:11 <shepdelacreme> #startmeeting Open Agenda
16:03:12 <zodbot> Meeting started Thu Dec 27 16:03:11 2018 UTC.
16:03:12 <zodbot> This meeting is logged and archived in a public location.
16:03:12 <zodbot> The chair is shepdelacreme. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:12 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:03:12 <zodbot> The meeting name has been set to 'open_agenda'
16:03:29 <shepdelacreme> #chair cyberpear
16:03:29 <zodbot> Current chairs: cyberpear shepdelacreme
16:04:21 <shepdelacreme> The only thing I have to start off with is that we have the first cut of the documentation generator
16:04:57 <shepdelacreme> Available here for now: https://rhel7-stig.readthedocs.io/en/latest/
16:05:02 <cyberpear> awesome!
16:05:25 <shepdelacreme> Still needs some content in a couple places
16:05:44 <shepdelacreme> mainly the "deployer notes" for each task need to be filled out
16:05:57 <shepdelacreme> and then a couple other minor sections
16:06:44 <cyberpear> is that automatically rebuilt from merges to devel?
16:07:11 <shepdelacreme> yup
16:07:30 <shepdelacreme> We are using RTD for the autobuilds
16:07:57 <shepdelacreme> devel, master, and any new releases/tags should be built and published automatically
16:08:09 <cyberpear> nice
16:08:53 <shepdelacreme> also in RTD latest = devel and stable = most recent tagged release
16:08:54 <cyberpear> does "latest" track "devel" or the most recent github "release"?
16:08:59 <cyberpear> ok
16:09:30 <shepdelacreme> We can what latest points to if we are so inclined but I thought this made the most sense
16:09:47 <cyberpear> makes sense to me
16:10:07 <cyberpear> devel is likely what most people should use anyway
16:10:24 <shepdelacreme> agreed
16:11:31 <shepdelacreme> Thats all I have for this week I'll open it up for anything else though
16:11:39 <shepdelacreme> #topic open floor
16:12:48 <cyberpear> #topic Disruptive Tasks
16:13:29 <cyberpear> while using the RHEL6 role, I ran into instances where tasks that removed packages were causing headaches
16:13:52 <cyberpear> this was running against already-deployed systems
16:14:59 <shepdelacreme> right
16:15:19 <cyberpear> in an ideal case, users will know what services are needed
16:15:25 <shepdelacreme> those types of tasks were always a bit finicky to me
16:16:19 <cyberpear> it might be worthwhile to gate those behind our distruption-high tasks...
16:16:23 <shepdelacreme> people SHOULD know what software and services are needed for each host but that is almost never the case
16:16:44 <shepdelacreme> I'm good with that approach
16:17:39 <cyberpear> #action cyberpear to open tickets to gate package removal behind disruption-high
16:18:15 <cyberpear> no ETA on when I'd have time to do it as the task of hardening the particular systems is complete
16:18:32 <shepdelacreme> ok
16:18:54 <cyberpear> #topic open floor
16:22:19 <shepdelacreme> So I don't think there are many users of the RHEL7 CIS benchmark that frequent IRC
16:23:04 <shepdelacreme> But I wanted to work on starting to bring the current CIS role in line with the standards we set out for the STIG roles
16:23:36 <cyberpear> (I haven't yet needed CIS myself...)
16:23:42 <cyberpear> definitely good to standardize
16:24:16 <shepdelacreme> yeah...I'll probably start creating some tickets there and then reference the decisions we made for the STIG role
16:25:01 <shepdelacreme> See what the feedback from the community is...I don't want to keep maintaining two wildly different roles though
16:25:34 <shepdelacreme> The other part is that I'd like to reuse my documentation generator but since the CIS XCCDF content is not freely available I can't
16:25:52 <cyberpear> In my tweaks to benchparse, I didn't touch the CIS code...
16:26:02 <cyberpear> is CIS proprietary?
16:26:14 <shepdelacreme> Their SCAP content is
16:26:19 <cyberpear> hmm
16:26:41 <shepdelacreme> The PDFs are free to download but you have to register on their site
16:26:57 <shepdelacreme> And they have some sticky redistribution clauses
16:27:17 <cyberpear> good to know
16:27:25 <shepdelacreme> Problem is that most commercial entities and many civilian government groups are going to use CIS over STIG
16:28:31 <shepdelacreme> I toyed around with parsing their PDFs into plaintext and then extracting the data that way...its doable but not as simple as parsing XML
16:29:57 <shepdelacreme> alright well I don't have anything else to discuss
16:30:19 <shepdelacreme> last call before I shut this meeting down :)
16:30:28 <cyberpear> would be cool to get those CIS folks involved, but not sure they'd be interested...
16:30:51 <cyberpear> nothing else from me
16:31:05 <shepdelacreme> yeah...I'll make a push to get them on this IRC channel and involved in the meetings
16:31:18 <shepdelacreme> #endmeeting
Meetbot Logs © 2021-2022 Fedora Websites and Apps Team (Sources)