Hi,
>> 1) one single changelog entry, targeting sid and initial release
>> (Closes: #ITP)
> 1) Exact, targeting sid only by now.

please use "unstable" as target suite, not "sid", and use -1 revision until it gets sponsored (dput -f, mentors won't complain)

>> 8) does not build twice in a row (not a real issue)
>8) Ok. I have to check why. I build through gbp and pbuilder so I didn't
>see this issue because gbp and pbuilder work in a clean environment,
>they don't build it twice in the same location.

>> 11) debian/README.Debian might be made more aware of directories, e.g.
>> /usr/share/ssg" might save some sed'ing before running the command,
>> unless you want to change packagename in the near future
>11) I've updated the file to be more explicit. Yet I think that it still
>needs some more content.

yes, having something to copy-paste might be useful

>Why libopenscap8 & scap-workbench & scap-security-guide are separated:
>
>libopenscap8 is a set of tools using the SSG benchmarks to validate the
>current OS security policy in comparison with official ones such as
>PCI-DSS, NIST SP-800, ANSSI best practices, etc. Nevertheless, the
>following case exists:
>1) Hosting security policy in a security server
>2) Hosting libopenscap on various targets
>3) Launching security policy validation on remote targets automatically
>using ansible, foreman, oscap-ssh or other to validate the policy of
>each remote host from a single policy server and aggregate the results
>
>In that case, the security policy server only hosts the security
>policies, not the libopenscap8. You will have something like that:
>https://www.theforeman.org/plugins/foreman_openscap/0.4/

ok

>I've updated the scap-security-guide package to set libopenscap as
>"Recommends" instead of Depends at runtime for all binary packages.
>
>All these updates have been made in the 0.31.1-8 release of the package:
>
>https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-8.dsc

and now the new review:

that debian/lib and python changelog patch does not scale (version hardcoded in python script).
I prefer no changelog instead of something hacky like this...
in the future I really would like to see upstream shipping the changelog

other stuff seems good to me

G.