Hello Philippe,
On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
On the mailing list a few days ago, it was announced that Audit-3.0 alpha8
was available. I am a little bit confused because on a RHEL 8 server I get:
rpm -q audit
audit-3.0-0.10.20180831git0047a6c.el8.x86_64
What is the link between the RHEL 8 rpm and the version audit-3.0 announced?
The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. The
package version should be a clue that this is a git snapshot. The Fedora
packaging guidelines say that if it is a pre-release git snapshot, version
must start with 0 so it can be overridden in the future, and the date + git +
last commit hash must be included so that anyone can identify exactly what
this is.
I can't imagine RHEL8 using an alpha version.
Why? Anything put into RHEL is carefully tested. (Fedora has also been
running on alpha/git snapshots for about a year, too.) Also, I stopped
feature development in audit-3.0 around August of last year. Everything going
in since then has been bugs reported or discovered or at most small patches
to support new kernel features. So, audit userspace should be considered as
becoming mature, stable code that will not be developed at the same pace as
before.
I expect that when container support lands, there will be a couple rounds of
development to make it nice to use. But then it's back to listening for bug
reports.
To be honest, I think at this point anything of value is really higher up the
stack. IOW, visualizing, aggregating, or alerting at scale.
-Steve
As a side note, the RHEL 8 rpm has the following description:
rpm -qi audit
Name : audit
Version : 3.0
Release : 0.10.20180831git0047a6c.el8
Architecture: x86_64
Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
Group : Unspecified
Size : 678098
License : GPLv2+
Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID 199e2f91fd431d51
Source RPM : audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
Build Date : Wed 09 Jan 2019 06:26:29 PM CET
Build Host : x86-vm-06.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://people.redhat.com/sgrubb/audit/
Summary : User space tools for 2.6 kernel auditing
Of course the kernel for RHEL8 is:
rpm -q kernel
kernel-4.18.0-80.el8.x86_64
Any clarification is welcome
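
An added example, not part of the original message or of the audit project: a small Python parser for the snapshot naming scheme described in the reply above (release starting with 0, then date + git + commit hash), applied to the two package strings quoted in the thread. The regular expression is an assumption modelled on that one release string, and `parse_nvra` and `snapshot_info` are hypothetical helper names.

```python
import re
from datetime import date

# Assumption: the release layout is inferred from the single string quoted in
# the thread ("0.10.20180831git0047a6c.el8"); this is not a general RPM parser.
SNAP_RE = re.compile(
    r"^0\.(?P<n>\d+)\.(?P<date>\d{8})git(?P<commit>[0-9a-f]{7,40})(?:\.(?P<dist>.+))?$"
)


def parse_nvra(pkg):
    """Split 'name-version-release.arch' as printed by `rpm -q`.

    Assumes the architecture suffix is present, as in the thread's output.
    Name may contain hyphens; version and release may not.
    """
    rest, _, arch = pkg.rpartition(".")
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def snapshot_info(pkg):
    """Return snapshot details for a pre-release git snapshot, else None."""
    name, version, release, arch = parse_nvra(pkg)
    m = SNAP_RE.match(release)
    if m is None:
        return None  # ordinary release string, no embedded date/commit
    d = m["date"]
    return {
        "name": name,
        "version": version,
        "snapshot_date": date(int(d[:4]), int(d[4:6]), int(d[6:])),
        "commit": m["commit"],  # abbreviated upstream commit hash
        "dist": m["dist"],
        "arch": arch,
    }


if __name__ == "__main__":
    # The two package strings quoted in the thread.
    for pkg in ("audit-3.0-0.10.20180831git0047a6c.el8.x86_64",
                "kernel-4.18.0-80.el8.x86_64"):
        info = snapshot_info(pkg)
        if info:
            print(f"{pkg}: snapshot of {info['snapshot_date']} at commit {info['commit']}")
        else:
            print(f"{pkg}: not a git snapshot release")
```

Feeding it the output of `rpm -qa` from many hosts gives a quick inventory of which packages are pre-release snapshots and which upstream commit each one corresponds to.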