Mailinglist Archive: opensuse (3637 mails)
| < Previous | Next > |
Does Lenz or friends know about this, was Common Criteria and ITSEC
- From: "Fergus Wilde" <fwilde@xxxxxxxxxxxxxxx>
- Date: Fri, 18 May 2001 12:17:09 +0100
- Message-id: <002801c0df8c$1dd09bc0$e5195882@xxxxxxxxxxxxxxx>
Hi Stefano,
I will look at the links and pages, and we must see what is meant.
It's certainly very important that Linux doesn't miss out on being included
in any national / international standards. I won't be able to get onto this
much until next week, but I will keep reading here in case news appears.
I wonder if anyone at SuSE, as a company whose vital interests might appear
to
be affected, knows what is fact and what is rumour about this.
Take care
Fergus
----- Original Message -----
From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
To: "Fergus Wilde" <fwilde@xxxxxxxxxxxxxxx>
Cc: "SuSE list" <suse-linux-e@xxxxxxxx>; <gnu@xxxxxxx>
Sent: Friday, May 18, 2001 11:10 AM
Subject: Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free Speech
> Thanks for your feedback,
> this is important indeed.
> Now, I'm sorry but the little I learned is on a magazine I can't read
> just now. I'll be more precise in a couple of day, as soon as I can
> recollect some more info on Common Criteria. Anyway, this is the web
> site, as recovered from Google:
>
> http://www.commoncriteria.org/
>
> I think that it UK, BS9977 and similars (I believe) are used (BS:
> British Standards, for not UK citizens).
>
> I'm too not too sure what is meant for user policy, I think that is
> substantially linked to security and access to the resources and data
> provided by the system (AKA *nix policy on users, groups, apps), but
> maybe this can be my interpretation based on *nix (although limited)
> knowledge.
>
> It's just because it seems odd to me, too, that I wanted to point your
> attention towards this issue and ask again to escalate this to the
> highest level possible.
>
> I forwarded my mail to gnu@xxxxxxxx
>
> This is not meant for spamming, but to support Free Software and avoid
> proprietary chains.
>
> Thanks a lot,
>
> Ste
>
> Fergus Wilde wrote:
> >
> > This does sound like it could be important, and like it would be worth
doing
> > something about. But I don't know what the Common Criteria are (never
heard
> > of them, in fact), nor do I understand what is meant by user policy.
Linux
> > and *nix are certainly very widely used in the UK academic sector, so it
> > would seem odd if there has been nothing done on compliance with
standards.
> > Can you give us a bit more background to work with before we start
reacting?
> >
> > Best
> > Fergus
> >
> > ----- Original Message -----
> > From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> > To: "SuSE" <suse-linux-e@xxxxxxxx>
> > Sent: Friday, May 18, 2001 10:01 AM
> > Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free
> > Speech
> >
> > > Hello,
> > > I apologize for the priority but I think that this is a big issue,
> > > indeed.
> > >
> > > I recently learned that italian PA (Public Administration) is defining
a
> > > law (or sort of) about the informative systems which can be adopted
for
> > > its purpouse, by asking the systems the compliance with some level (I
> > > think EAL2) of Common Criteria (CC), or European equipollents (ITSEC,
or
> > > BS (British Standards)).
> > >
> > > I was told that it was recently stated on the web that Linux solutions
> > > wouldn't be compliant to such criteria, above all for what addresses
the
> > > user "policy" (or something like that).
> > >
> > > Can somebody point me to some useful direction towards this issue?
> > > Do anybody know whether a Linux system can or has been certified
versus
> > > CC?
> > >
> > > I think that this lack of certification is given by the lack of
> > > interest, or absence of motivation, by the Linux community rather than
> > > by technical limits.
> > >
> > > I think, of course, that the compliance to these international
> > > certification criteria should be considered as an essential feature in
> > > order not to limit the diffusion of Linux systems and "free software"
> > > (in the sense of freedom, of course) also in PA which is a "strategic"
> > > area of users.
> > >
> > > Of course the same PA, and the State, should be the first instituion
> > > sponsoring Free Software, just to guarantee the accessibility to all
> > > citizens to the services proivided (first of all about the
> > > documentation).
> > >
> > > Please if you have any information, let's cohordinate a project aimed
to
> > > "raise" the problem towards the international community, asking for
> > > support of EU, Free Software Foundation, ...
> > >
> > > Thanks a lot,
> > > Ste
> > >
> > > --
> > > To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> > > For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> > > Also check the FAQ at http://www.suse.com/support/faq and the
> > > archives at http://lists.suse.com
I will look at the links and pages, and we must see what is meant.
It's certainly very important that Linux doesn't miss out on being included
in any national / international standards. I won't be able to get onto this
much until next week, but I will keep reading here in case news appears.
I wonder if anyone at SuSE, as a company whose vital interests might appear
to
be affected, knows what is fact and what is rumour about this.
Take care
Fergus
----- Original Message -----
From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
To: "Fergus Wilde" <fwilde@xxxxxxxxxxxxxxx>
Cc: "SuSE list" <suse-linux-e@xxxxxxxx>; <gnu@xxxxxxx>
Sent: Friday, May 18, 2001 11:10 AM
Subject: Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free Speech
> Thanks for your feedback,
> this is important indeed.
> Now, I'm sorry but the little I learned is on a magazine I can't read
> just now. I'll be more precise in a couple of day, as soon as I can
> recollect some more info on Common Criteria. Anyway, this is the web
> site, as recovered from Google:
>
> http://www.commoncriteria.org/
>
> I think that it UK, BS9977 and similars (I believe) are used (BS:
> British Standards, for not UK citizens).
>
> I'm too not too sure what is meant for user policy, I think that is
> substantially linked to security and access to the resources and data
> provided by the system (AKA *nix policy on users, groups, apps), but
> maybe this can be my interpretation based on *nix (although limited)
> knowledge.
>
> It's just because it seems odd to me, too, that I wanted to point your
> attention towards this issue and ask again to escalate this to the
> highest level possible.
>
> I forwarded my mail to gnu@xxxxxxxx
>
> This is not meant for spamming, but to support Free Software and avoid
> proprietary chains.
>
> Thanks a lot,
>
> Ste
>
> Fergus Wilde wrote:
> >
> > This does sound like it could be important, and like it would be worth
doing
> > something about. But I don't know what the Common Criteria are (never
heard
> > of them, in fact), nor do I understand what is meant by user policy.
Linux
> > and *nix are certainly very widely used in the UK academic sector, so it
> > would seem odd if there has been nothing done on compliance with
standards.
> > Can you give us a bit more background to work with before we start
reacting?
> >
> > Best
> > Fergus
> >
> > ----- Original Message -----
> > From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> > To: "SuSE" <suse-linux-e@xxxxxxxx>
> > Sent: Friday, May 18, 2001 10:01 AM
> > Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free
> > Speech
> >
> > > Hello,
> > > I apologize for the priority but I think that this is a big issue,
> > > indeed.
> > >
> > > I recently learned that italian PA (Public Administration) is defining
a
> > > law (or sort of) about the informative systems which can be adopted
for
> > > its purpouse, by asking the systems the compliance with some level (I
> > > think EAL2) of Common Criteria (CC), or European equipollents (ITSEC,
or
> > > BS (British Standards)).
> > >
> > > I was told that it was recently stated on the web that Linux solutions
> > > wouldn't be compliant to such criteria, above all for what addresses
the
> > > user "policy" (or something like that).
> > >
> > > Can somebody point me to some useful direction towards this issue?
> > > Do anybody know whether a Linux system can or has been certified
versus
> > > CC?
> > >
> > > I think that this lack of certification is given by the lack of
> > > interest, or absence of motivation, by the Linux community rather than
> > > by technical limits.
> > >
> > > I think, of course, that the compliance to these international
> > > certification criteria should be considered as an essential feature in
> > > order not to limit the diffusion of Linux systems and "free software"
> > > (in the sense of freedom, of course) also in PA which is a "strategic"
> > > area of users.
> > >
> > > Of course the same PA, and the State, should be the first instituion
> > > sponsoring Free Software, just to guarantee the accessibility to all
> > > citizens to the services proivided (first of all about the
> > > documentation).
> > >
> > > Please if you have any information, let's cohordinate a project aimed
to
> > > "raise" the problem towards the international community, asking for
> > > support of EU, Free Software Foundation, ...
> > >
> > > Thanks a lot,
> > > Ste
> > >
> > > --
> > > To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> > > For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> > > Also check the FAQ at http://www.suse.com/support/faq and the
> > > archives at http://lists.suse.com
| < Previous | Next > |