Remove yara schema subdirectory by zwass · Pull Request #8461 · osquery/osquery
Comment on lines +62 to +63
| if path.endswith("yara_events.table"): | ||
| return ["darwin", "linux"] |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we move the spec? Could add a yara/posix. Approved, anyway you'd like to handle it
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should just remove the special cases and actually move the .table in the existing linux, posix etc (depending on where it has to go). This would go under posix.
yara, utility and sleuthkit seem to be the only remaining special cases
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree actually. I don't see much benefit of the special case directories. If they aren't important to the build process in some way then that would be my preference.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree actually. I don't see much benefit of the special case directories. If they aren't important to the build process in some way then that would be my preference.
No they aren't. I guess previously it was preferred to give priority to what the table spec was for.