You mean moving the current bsi-node.profile to e.g. bsi-node-2023.profile?
Yes.
Should we also add an additional bsi-node.profile file that "extends" the bsi-node-2023 profile (just like cis / cis-node do for example)?
Yes.
The non-versioned profiles are always pointing to the latest version.
This way folks who want to stay on a specific version can use bsi-2022 and bsi-node-2022, for example. And folks who want to keep "rolling" to the latest version can use bsi and bsi-node.
How do you usually handle changes, when e.g. the 2024 version comes out? Remove the 2023 version and only have one version in place?
The support for versioned profiles is quite new, so we haven't gone through a profile version update yet.
But I think that update approach will depend on the lifecycle of the policy and the transition period between versions.
Is an old version immediately deprecated a new release is out? Is there a transition period?
Regardless, I can imagine that the profile for and old version will exist and be shipped for a few releases until it is removed. So that people using them can move and adapt to the new version.
The profile for rhcos4 can also leverage the the bsi_app_4_4 controls.
Any node rule selected in a control will be picked up and included in the profile.
Yes.
Yes.
The non-versioned profiles are always pointing to the latest version. This way folks who want to stay on a specific version can use
bsi-2022
andbsi-node-2022
, for example. And folks who want to keep "rolling" to the latest version can usebsi
andbsi-node
.The support for versioned profiles is quite new, so we haven't gone through a profile version update yet.
But I think that update approach will depend on the lifecycle of the policy and the transition period between versions. Is an old version immediately deprecated a new release is out? Is there a transition period?
Regardless, I can imagine that the profile for and old version will exist and be shipped for a few releases until it is removed. So that people using them can move and adapt to the new version.
_Originally posted by @yuumasato in https://github.com/ComplianceAsCode/content/pull/11342#discussion_r1443244448_
The profile for
rhcos4
can also leverage the thebsi_app_4_4
controls. Any node rule selected in a control will be picked up and included in the profile._Originally posted by @yuumasato in https://github.com/ComplianceAsCode/content/pull/11342#discussion_r1433970864_