16:03:11 #startmeeting Open Agenda 16:03:12 Meeting started Thu Dec 27 16:03:11 2018 UTC. 16:03:12 This meeting is logged and archived in a public location. 16:03:12 The chair is shepdelacreme. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:03:12 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:03:12 The meeting name has been set to 'open_agenda' 16:03:29 #chair cyberpear 16:03:29 Current chairs: cyberpear shepdelacreme 16:04:21 The only thing I have to start off with is that we have the first cut of the documentation generator 16:04:57 Available here for now: https://rhel7-stig.readthedocs.io/en/latest/ 16:05:02 awesome! 16:05:25 Still needs some content in a couple places 16:05:44 mainly the "deployer notes" for each task need to be filled out 16:05:57 and then a couple other minor sections 16:06:44 is that automatically rebuilt from merges to devel? 16:07:11 yup 16:07:30 We are using RTD for the autobuilds 16:07:57 devel, master, and any new releases/tags should be built and published automatically 16:08:09 nice 16:08:53 also in RTD latest = devel and stable = most recent tagged release 16:08:54 does "latest" track "devel" or the most recent github "release"? 16:08:59 ok 16:09:30 We can what latest points to if we are so inclined but I thought this made the most sense 16:09:47 makes sense to me 16:10:07 devel is likely what most people should use anyway 16:10:24 agreed 16:11:31 Thats all I have for this week I'll open it up for anything else though 16:11:39 #topic open floor 16:12:48 #topic Disruptive Tasks 16:13:29 while using the RHEL6 role, I ran into instances where tasks that removed packages were causing headaches 16:13:52 this was running against already-deployed systems 16:14:59 right 16:15:19 in an ideal case, users will know what services are needed 16:15:25 those types of tasks were always a bit finicky to me 16:16:19 it might be worthwhile to gate those behind our distruption-high tasks... 16:16:23 people SHOULD know what software and services are needed for each host but that is almost never the case 16:16:44 I'm good with that approach 16:17:39 #action cyberpear to open tickets to gate package removal behind disruption-high 16:18:15 no ETA on when I'd have time to do it as the task of hardening the particular systems is complete 16:18:32 ok 16:18:54 #topic open floor 16:22:19 So I don't think there are many users of the RHEL7 CIS benchmark that frequent IRC 16:23:04 But I wanted to work on starting to bring the current CIS role in line with the standards we set out for the STIG roles 16:23:36 (I haven't yet needed CIS myself...) 16:23:42 definitely good to standardize 16:24:16 yeah...I'll probably start creating some tickets there and then reference the decisions we made for the STIG role 16:25:01 See what the feedback from the community is...I don't want to keep maintaining two wildly different roles though 16:25:34 The other part is that I'd like to reuse my documentation generator but since the CIS XCCDF content is not freely available I can't 16:25:52 In my tweaks to benchparse, I didn't touch the CIS code... 16:26:02 is CIS proprietary? 16:26:14 Their SCAP content is 16:26:19 hmm 16:26:41 The PDFs are free to download but you have to register on their site 16:26:57 And they have some sticky redistribution clauses 16:27:17 good to know 16:27:25 Problem is that most commercial entities and many civilian government groups are going to use CIS over STIG 16:28:31 I toyed around with parsing their PDFs into plaintext and then extracting the data that way...its doable but not as simple as parsing XML 16:29:57 alright well I don't have anything else to discuss 16:30:19 last call before I shut this meeting down :) 16:30:28 would be cool to get those CIS folks involved, but not sure they'd be interested... 16:30:51 nothing else from me 16:31:05 yeah...I'll make a push to get them on this IRC channel and involved in the meetings 16:31:18 #endmeeting