On Thu, 2014-03-13 at 14:45 -0400, Jan Lieskovsky wrote: > > On Thu, Mar 13, 2014 at 01:40:53PM -0400, Jan Lieskovsky wrote: > > > > > Of course, in the case they wouldn't like to configure any security > > > policy and use just vanilla Fedora installation, the can "ignore" > > > the security section, configure just those sections as configured > > > (required to be configured) now (e.g. INSTALLATION SOURCE, SOFTWARE > > > SELECTION etc.), and click the "Begin Installation" button. In that > > > case no security profile would be applied. > > > > The demos seem to cover the case where there's already data provided > > from the Kickstart file. What options are presented to the user if > > there's no oscap entry in Kickstart? Is the user expected to provide a > > path to download a policy? > > Yes, there are two ways how to provide the policy - either via kickstart > or via GUI by entering the HTTP / FTP URI [*] of the policy (in RPM > package format) and clicking the "Fetch data" button. The SCAP Security Guide content is loaded automatically (if available) and even when user clicks the "Change content" button, there is again the "Use SCAP Security Guide" button that gives them SSG back. Otherwise fetching data stream collection (XML), archive (zip or tarball) or RPM is supported so far. Other protocols and format types may be added in the future based on user feedback and requests. > > I can remember seeing some video from Vratislav demonstrating the 'fetch > security policy in RPM format remotely' scenario too, but you are right > it's not illustrated in those demos (yet). Vratislav, can you add > demo video of this use case too? The RPM support is demonstrated in the following video preview: http://vpodzime.fedorapeople.org/oaa-0.4-changes.webm However, I see that a new commented video preview would explain a lot of common questions appearing in this discussion, so I'll record one tomorrow and post it here and on the feature page. Thanks for the useful and constructive feedback, guys! -- Vratislav Podzimek Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
