That is a good question! I'll talk to folks internally about getting that set as "always security". Pat On 9/4/19 6:55 PM, Kraus, Dave (GE Healthcare) wrote: > Random observation of the day - why is scap-security-guide not one of the packages that always goes into security when it is updated? > > Given that selinux updates are (per the FAQ), that is... > > I guess that selinux is more active at runtime, and scap-security-guide/openscap is passive might be a good argument. And the FAQ does cover it. > > Not trying to start any arguments, just wondering. > > Our spin is going into an LTM phase per a change in direction from our management, and revisiting the whole security updates for prior releases policy. And we do push use of openscap and the scap-security-guide, which gets good enhancements that should be backward compatible. > > Ah well, as I said, not trying to start an argument, and just something that sunk into my head today... > -- Pat Riehecky Fermi National Accelerator Laboratory www.fnal.gov www.scientificlinux.org