Development meeting II proposal

Hello all,

I would like to propose a second XCCDF developer meeting to be held in two weeks. The time and duration of the last meeting appeared to work, so let's plan on starting at 3:00 PM, Eastern Time, and running for 90 minutes. If you have a preference, please respond to me ([hidden email]) and let me know which of the following days works best for you: Tues Sept 8, Wed Sept 9, or Thurs Sept 10. I will send a final schedule and dial-in number later this week. Please respond by close-of-business on Thursday if you have a preference on dates.

I propose this meeting focus on how to identify versions of checks. Specifically, how (or if) a check-content-ref should identify the version of a check to call and how (if) a rule-result should reliably identify the check that produced the recorded result. I have attached an initial write-up and proposal to this email. I encourage people to read and discuss the issue and proposal over the mailing list ahead of time. (Especially if you are aware of an issue that you feel makes any such changes infeasible for your organization.)

As always, comments or suggestions regarding these meetings are welcome.

Thanks,
Charles Schmidt
The MITRE Corp.

Charles:

The Minutes looks good!!

Thanks for warning me that any email from [hidden email] --like your message below--might get blocked.  It did but I managed to access your message through the Sophos utility mentioned in the quarantine message.

My preference for the next meeting is Tuesday, September 8.

Beth

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Schmidt, Charles M.
Sent: Tuesday, August 25, 2009 3:38 PM
To: Multiple recipients of list
Subject: Development meeting II proposal

Hello all,

I would like to propose a second XCCDF developer meeting to be held in two weeks. The time and duration of the last meeting appeared to work, so let's plan on starting at 3:00 PM, Eastern Time, and running for 90 minutes. If you have a preference, please respond to me ([hidden email]) and let me know which of the following days works best for you: Tues Sept 8, Wed Sept 9, or Thurs Sept 10. I will send a final schedule and dial-in number later this week. Please respond by close-of-business on Thursday if you have a preference on dates.

I propose this meeting focus on how to identify versions of checks. Specifically, how (or if) a check-content-ref should identify the version of a check to call and how (if) a rule-result should reliably identify the check that produced the recorded result. I have attached an initial write-up and proposal to this email. I encourage people to read and discuss the issue and proposal over the mailing list ahead of time. (Especially if you are aware of an issue that you feel makes any such changes infeasible for your organization.)

As always, comments or suggestions regarding these meetings are welcome.

Thanks,
Charles Schmidt
The MITRE Corp.


---------------------------------------------------------------

To unsubscribe from this mailing list, please send an e-mail to
[hidden email] with the words "unsubscribe xccdf-dev" in the
body. You will need to send this from the email account that you
used to initially subscribe to xccdf-dev.

Hi Charles,

Can you send us the date for the next meeting?

My thoughts on the subject:
We can't guarantee all checking systems will be able to version at the
check level so skip it.
We can't guarantee all checking systems will be able to version at using
internal metadata structures so skip it.
We can guarantee a file or other URI (when the check is not inlined into
the XCCDF)
        That resource can have a set of attributes.  Since the X in
XCCDF is for eXtensible, we should be flexible.
        Multiple hashes are an obvious choice
        For files on filing systems, file creation date is another
obvious choice


If we have two rules in an XCCDF document, should they be able to refer
to two versions of the same checking system external reference?  I think
so, but it seems like quite a headache.  If we could say no, it would
make life a lot easier and we could make use of that assumption.

Thanks,

Vladimir Giszpenc
DSCI Contractor Supporting
US Army CERDEC S&TCD IAD Tactical Network Protection Branch
(732) 532-8959

> Hello all,
>
> I would like to propose a second XCCDF developer meeting to be held in
> two weeks. The time and duration of the last meeting appeared to work,
> so let's plan on starting at 3:00 PM, Eastern Time, and running for 90
> minutes. If you have a preference, please respond to me
> ([hidden email]) and let me know which of the following days
works

---------------------------------------------------------------

To unsubscribe from this mailing list, please send an e-mail to
[hidden email] with the words "unsubscribe xccdf-dev" in the
body. You will need to send this from the email account that you
used to initially subscribe to xccdf-dev.