content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

Add a disclaimer for non-endorsement

Open inntran opened this issue 3 years ago • 1 comments

Description of problem:

There are a few distros see "getting code into this repo" as an endorsement from the CaC community. In the 1st paragraph of their PR(press release, public relations) article, they say:

(Original: Chinese) 近日,龙蜥操作系统(Anolis OS)下游发行版 Alibaba Cloud Linux 2/3(以下简称Alinux 2/3)以及统信软件 UnionTech OS Server v20(以下简称 UOS v20)先后完成与国际知名安全社区 OpenSCAP 的产品支持整合,并成为 OpenSCAP 官方首批支持的国内 OS 产品。

(English translation) Recently, Alibaba Cloud Linux 2/3 (hereinafter referred to as Alinux 2/3) and the UnionTech software UnionTech OS Server v20 (hereinafter referred to as UOS v20) have completed the product support integration with the internationally renowned security community OpenSCAP, and have become the first batch of domestic OS products officially supported by OpenSCAP.

SCAP Security Guide Version:

N/A

Operating System Version:

Alinux(Alibaba Linux) and UOS v20

Additional Information/Debugging Steps:

Press releases:

  • https://ost.51cto.com/posts/14569
  • https://segmentfault.com/a/1190000042104629
  • https://developer.aliyun.com/article/985315
  • http://blog.itpub.net/70004278/viewspace-2905547/
  • https://mp.weixin.qq.com/s?src=11&timestamp=1657729909&ver=3918&signature=hvJRih1RJ-wK9D7CnbUdjl0bAAU2pGLmubaIoykhATwyHE2i69L86hQFftYeOZReO0jt9k9Gfzn5oUpYXxAZ4nmuRr4EzdsVAmzzgrWdjGbf6nf*s0RejZGMlWI875

The PR got Alinux in: https://github.com/ComplianceAsCode/content/pull/8566 Recent changes: https://github.com/ComplianceAsCode/content/commits/master/products/alinux2 https://github.com/ComplianceAsCode/content/commits/master/products/alinux3

The PR got UOS v20 in: https://github.com/ComplianceAsCode/content/pull/8779 Recent changes: https://github.com/ComplianceAsCode/content/commits/master/products/uos20

inntran avatar Jul 13 '22 16:07 inntran

Thanks for the idea. I believe it is fair for the users and general public if we add some statement which will explain that the presence itself does not mean anything. The content needs to be maintained with the full understanding of both the product and the policies that it implements to be of a security benefit.

dahaic avatar Jul 13 '22 17:07 dahaic