Comment 11 for bug 1782031

Joy Latten (j-latten) wrote :

I agree with the above analysis.

There is something else I have noticed... the openscap community consists of several components, one of them implements security-guides (scap content (checklists) to pass to oscap). xenial did not ship any security-guide component. However, bionic does. Bionic also includes the above mentioned changes.

In the past year the openscap community has made many improvements to the security-guides including creating a small checklist specifically for ubuntu-16.04. Bionic ships the security-guides in several packages,
   - ssg-debderived (contains ubuntu-16.04 checklist)
   - ssg-nondebian (contains rhel and sles checklists)
   - ssg-debian (contains debian checklist)

It is possible ubuntu users will try several things using the ssg-debderived package
  - take the ubuntu-16.04 checklist file and try to run it on a xenial system
    However, there are systemd checks in this xccdf. It is possible a bugreport will be generated.

  - try to run the ubuntu-16.04 checklists file on bionic.
    This will fail because checklist file first looks to verify is a 16.04 system. A savvy user can modify the xccdf (checklist file) to recognize 18.04.