Mailinglist Archive: opensuse (3637 mails)
| < Previous | Next > |
Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs. Free Speech
- From: Gudmund Areskoug <fta@xxxxxxxxxx>
- Date: Fri, 18 May 2001 12:15:25 +0200
- Message-id: <3B04F63D.EC64156B@xxxxxxxxxx>
Hi,
Stefano Papini wrote:
>
> Hello,
> I apologize for the priority but I think that this is a big issue,
> indeed.
>
> I recently learned that italian PA (Public Administration) is defining a
> law (or sort of) about the informative systems which can be adopted for
> its purpouse, by asking the systems the compliance with some level (I
> think EAL2) of Common Criteria (CC), or European equipollents (ITSEC, or
> BS (British Standards)).
>
> I was told that it was recently stated on the web that Linux solutions
> wouldn't be compliant to such criteria, above all for what addresses the
> user "policy" (or something like that).
>
> Can somebody point me to some useful direction towards this issue?
> Do anybody know whether a Linux system can or has been certified versus
> CC?
Not quite to the point, but it says something:
http://www.fcw.com/fcw/articles/2000/0731/web-linux-08-02-00.asp
> I think that this lack of certification is given by the lack of
> interest, or absence of motivation, by the Linux community rather than
> by technical limits.
>
> I think, of course, that the compliance to these international
> certification criteria should be considered as an essential feature in
> order not to limit the diffusion of Linux systems and "free software"
> (in the sense of freedom, of course) also in PA which is a "strategic"
> area of users.
>
> Of course the same PA, and the State, should be the first instituion
> sponsoring Free Software, just to guarantee the accessibility to all
> citizens to the services proivided (first of all about the
> documentation).
>
> Please if you have any information, let's cohordinate a project aimed to
> "raise" the problem towards the international community, asking for
> support of EU, Free Software Foundation, ...
Indeed. AFAIK, the French and German governments have started
something. I don't know where to start with the French, but here's
for starters about the Germans (sorry, mostly in German):
http://linux.kbst.bund.de/
http://linux.kbst.bund.de/02-2000/index2.html
http://linux.kbst.bund.de/02-2000/brief2-2000.html
http://www.bsi.bund.de/
http://www.bsi.bund.de/aufgaben/ii/zert/index.htm
http://www.bsi.bund.de/cc/index.htm
BR,
Gudmund
Stefano Papini wrote:
>
> Hello,
> I apologize for the priority but I think that this is a big issue,
> indeed.
>
> I recently learned that italian PA (Public Administration) is defining a
> law (or sort of) about the informative systems which can be adopted for
> its purpouse, by asking the systems the compliance with some level (I
> think EAL2) of Common Criteria (CC), or European equipollents (ITSEC, or
> BS (British Standards)).
>
> I was told that it was recently stated on the web that Linux solutions
> wouldn't be compliant to such criteria, above all for what addresses the
> user "policy" (or something like that).
>
> Can somebody point me to some useful direction towards this issue?
> Do anybody know whether a Linux system can or has been certified versus
> CC?
Not quite to the point, but it says something:
http://www.fcw.com/fcw/articles/2000/0731/web-linux-08-02-00.asp
> I think that this lack of certification is given by the lack of
> interest, or absence of motivation, by the Linux community rather than
> by technical limits.
>
> I think, of course, that the compliance to these international
> certification criteria should be considered as an essential feature in
> order not to limit the diffusion of Linux systems and "free software"
> (in the sense of freedom, of course) also in PA which is a "strategic"
> area of users.
>
> Of course the same PA, and the State, should be the first instituion
> sponsoring Free Software, just to guarantee the accessibility to all
> citizens to the services proivided (first of all about the
> documentation).
>
> Please if you have any information, let's cohordinate a project aimed to
> "raise" the problem towards the international community, asking for
> support of EU, Free Software Foundation, ...
Indeed. AFAIK, the French and German governments have started
something. I don't know where to start with the French, but here's
for starters about the Germans (sorry, mostly in German):
http://linux.kbst.bund.de/
http://linux.kbst.bund.de/02-2000/index2.html
http://linux.kbst.bund.de/02-2000/brief2-2000.html
http://www.bsi.bund.de/
http://www.bsi.bund.de/aufgaben/ii/zert/index.htm
http://www.bsi.bund.de/cc/index.htm
BR,
Gudmund
| < Previous | Next > |