I’m not sure whether you would count this as a feature request or not, but could you please update the ‘Source Release’ date of the SCM fixlets/tasks to the date that you actually make them available on the External Sites. For example, all the new SCM fixlets in the new DISA STIG Checlists for Solaris’ have a release date of 27th August 2010 (as do the Deploy Tasks for the SCM scripts!).
Not only would it make it simpler to identify which taks/fixlets you have updated but it would also provide a basic version control.
I only realised that there were new SCM scripts available because I happened to look at the actionscript for the ‘Deploy and Run Security Checklist Solaris 10’ and noticed that the date of the zip file is 20110610.
Hi Mark, we consider “source” to refer to the source of the guidance itself, not the date we released the content. In this case, the source is DISA, who released the guidance on 27th August 2010.
Yes, I’ve heard that explanaition before. That argument, however, falls down when you consider that the majority of the SCM fixlets were around before 27th August 2010.
For patching - yes I agree that the source date should probably match the release date of the patch. For me, trying to manage updates to the SCM fixlets is very difficult when I can’t tell which ones have changed. I suspect that it’s going to get even worse with the new SCM fixlets with (hidden) embedded java script within the fixlet, and this idea of taking all the externally supplied fixlets and creating a custom site - how are we going to detect that there have been changes to the fixlets and re-sync our custom sites?
At least with the old method I could download a copy of the SCM scripts and compare them against the older ones to find out which ones have been bug-fixed and test those so that the changes don’t have any impact on my servers before deploying them.
Do IBM intend to produce a change list for every fixlet that they modify/fix and a new-content list for any new fixlets? I already spend too long administering my baselines as it is - keeping my custom sites up to date when I have no idea whether the fixlets have been modified or not is going to put even more of a strain on my time.
If you really can’t use the ‘Source Release Date’ field to indicate what date the fixlet was last modified, then maybe there should be a version control field added?