opencontrol / discuss

a place to have conversations about OpenControl projects
https://github.com/opencontrol/discuss/issues

Component versioning #21

Open anweiss opened 7 years ago

anweiss commented 7 years ago

Per discussion in https://github.com/opencontrol/schemas/pull/61 ... we need to figure out a way to allow one to reference specific versions of a component file. A simple solution would be to create separate component.yml files for each version of the component and reference them accordingly in opencontrol.yml. However, this breaks when one imports component controls from a Git repo rather than a local path.

@gregelin proposed a package management solution, but this could be more work than it's worth. Thoughts on this?

JJediny commented 7 years ago

@anweiss I like the idea, but I think this should be defined with the content, that is to say, the content is valid for this version of the package/app. This would force the updating of content with new releases to review/revalidate that the control still applies, is accurate, and cannot be added to or revised.

```yaml
  - control_key: AC-2 (7)
    covered_by: []
    implementation_status: complete
    control_origin: "service provider system specific"
    narrative:
      - key: a
        text: |
          'The permission levels assignable to users and teams managed by Universal Control Plane are documented at
          https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/permission-levels/.'
    standard_key: NIST-800-53
    version:
      - Compose: 'v2, v3'
      - Engine: '1.12, 1.13'
```

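
A sketch of the revalidation check the `version` field proposed above would make possible, added here as an example; it is not code from this thread or from any OpenControl tool. The function names, the prefix-matching rule, the already-parsed input and the second `AC-3` entry are assumptions made for illustration.

```python
# Constructed sample: the first entry mirrors the proposal above (already parsed
# from YAML); the second is a hypothetical entry with no `version` field.
SATISFIES = [
    {"control_key": "AC-2 (7)", "standard_key": "NIST-800-53",
     "version": [{"Compose": "v2, v3"}, {"Engine": "1.12, 1.13"}]},
    {"control_key": "AC-3", "standard_key": "NIST-800-53"},
]


def _parts(version):
    """'v1.13' -> ('1', '13'); a leading 'v' is ignored."""
    return tuple(version.strip().lstrip("vV").split("."))


def validated_versions(entry):
    """Flatten the proposed `version` list into {product: [version tuples]}."""
    out = {}
    for item in entry.get("version") or []:
        for product, versions in item.items():
            out.setdefault(product, []).extend(
                _parts(v) for v in str(versions).split(",") if v.strip())
    return out


def covers(validated, deployed):
    """Assumption: a validated '1.13' also covers a deployed '1.13.1'."""
    d = _parts(deployed)
    return any(d[:len(v)] == v for v in validated)


def needs_review(satisfies, deployed):
    """Return (control_key, product, deployed_version) for every control whose
    narrative has not been validated against what is actually deployed."""
    findings = []
    for entry in satisfies:
        known = validated_versions(entry)
        for product, version in sorted(deployed.items()):
            if not covers(known.get(product, []), version):
                findings.append((entry["control_key"], product, version))
    return findings


if __name__ == "__main__":
    for finding in needs_review(SATISFIES, {"Compose": "v3", "Engine": "17.03"}):
        print("revalidate:", finding)
```

An entry without a `version` field is reported for every deployed product, so unversioned narratives surface for review instead of passing silently.
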
anweiss commented 7 years ago

This could work as well. Solid approach.

its-a-lisa commented 4 years ago

If this is still open, suggest moving this to the https://github.com/opencontrol/schemas repo, as there doesn't seem to be anything left for discussion and this would just require action.