> On Thu, Mar 13, 2014 at 02:45:58PM -0400, Jan Lieskovsky wrote: > > > The demos seem to cover the case where there's already data provided > > > from the Kickstart file. What options are presented to the user if > > > there's no oscap entry in Kickstart? Is the user expected to provide a > > > path to download a policy? > > > > Yes, there are two ways how to provide the policy - either via kickstart > > or via GUI by entering the HTTP / FTP URI [*] of the policy (in RPM > > package format) and clicking the "Fetch data" button. > > Ok. I'm kind of struggling to imagine the scenario where a user actually > wants to do that. What's the use-case for providing UI rather than > limiting deployment to Kickstart? One hypothetical [*] scenario coming to my mind being the users might be willing to provide customized policy content to Fedora installation. Let's suppose the case there is a SCAP content for vulnerability checking (and ensuring some restrictions) for Fedora systems. Something like is done for Red Hat Enterprise Linux case: https://www.redhat.com/security/data/metrics/ So once such content is there, the user's might want to download those definitions, create format accepted by OSCAP Anaconda Addon (tarball / RPM), and provide that content to the new instance to be installed without the need to use / understand kickstart format at all. Since SCAP protocol doesn't support just security configuration information, but also for example patch management, the users might create their custom content (ensuring some configuration / patch would be applied) in form of tarball / RPM to OSCAP Anaconda Addon which would satisfy that patch is present on the installed system (under assumption provided content has had proper format). The possibilities of SCAP protocol: http://scap.nist.gov/ are not limited just to security configuration management (our security policy related proposal is just one use case what can be done with this technology). Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team [*] hypothetical because there does not exist such a content (AFAICT) yet. > > -- > Matthew Garrett | mjg59@xxxxxxxxxxxxx > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
