Mailinglist Archive: opensuse (3637 mails)

Common Criteria and ITSEC compliance
  • From: Stefano Papini <stefano.papini@xxxxxxxxxxxxxxxx>
  • Date: Fri, 18 May 2001 13:31:13 +0100
  • Message-id: <3B052421.D8EE26F9@xxxxxxxxxxxxxxxx>
Hi Fergus and all,
my impression is that the international community (and I like to
underline that the interest must be shared by anyone involved in free
software, SuSE included, of course) has no time to waste, as I expect
that there'll be a lot of rumour done by other sw "vendor" in order to
prevent "Free software" from entering such a rich market and there will be
time and probably money to spend to achieve any certification.

My worries concern the fact that with respect to a single
system/solution (e.g. Oracle 9i), here we have to "certify" the approach
of Free Software. This by itself is more secure, but is difficult to
"concentrate" in a single system/solution (e.g. we could certify mySQL,
but what about a whole Linux distro?).

We have to think of it, at the maximum level possible, with the maximum
priority possible because, as Gudmund pointed out, in Germany and in
France things are moving on.

Now, I was told that recently France has promoted a law trying to defend
"open source" initiatives in PA, but I think that the key to all this
problem is to match the international standards.

On the other side I expect that just people like Robert J. Chassell, or
Mr. Bruce Perens, or R. Stallman or some well known expert, can
actively and effectively support this issue (what about the same
Linus???).

Cheers,

Stefano

Fergus Wilde wrote:
>
> Hi Stefano,
>
> I will look at the links and pages, and we must see what is meant.
> It's certainly very important that Linux doesn't miss out on being included
> in any national / international standards. I won't be able to get onto this
> much until next week, but I will keep reading here in case news appears.
>
> I wonder if anyone at SuSE, as a company whose vital interests might appear
> to be affected, knows what is fact and what is rumour about this.
>
> Take care
> Fergus
>
> ----- Original Message -----
> From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> To: "Fergus Wilde" <fwilde@xxxxxxxxxxxxxxx>
> Cc: "SuSE list" <suse-linux-e@xxxxxxxx>; <gnu@xxxxxxx>
> Sent: Friday, May 18, 2001 11:10 AM
> Subject: Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
> Free Speech
>
> > Thanks for your feedback,
> > this is important indeed.
> > Now, I'm sorry but the little I learned is on a magazine I can't read
> > just now. I'll be more precise in a couple of days, as soon as I can
> > recollect some more info on Common Criteria. Anyway, this is the web
> > site, as recovered from Google:
> >
> > http://www.commoncriteria.org/
> >
> > I think that in the UK, BS9977 and similar (I believe) are used (BS:
> > British Standards, for non-UK citizens).
> >
> > I too am not too sure what is meant by user policy, I think that is
> > substantially linked to security and access to the resources and data
> > provided by the system (AKA *nix policy on users, groups, apps), but
> > maybe this can be my interpretation based on *nix (although limited)
> > knowledge.
> >
> > It's just because it seems odd to me, too, that I wanted to point your
> > attention towards this issue and ask again to escalate this to the
> > highest level possible.
> >
> > I forwarded my mail to gnu@xxxxxxxx
> >
> > This is not meant for spamming, but to support Free Software and avoid
> > proprietary chains.
> >
> > Thanks a lot,
> >
> > Ste
> >
> > Fergus Wilde wrote:
> > >
> > > This does sound like it could be important, and like it would be worth
> > > doing something about. But I don't know what the Common Criteria are
> > > (never heard of them, in fact), nor do I understand what is meant by user
> > > policy. Linux and *nix are certainly very widely used in the UK academic
> > > sector, so it would seem odd if there has been nothing done on compliance
> > > with standards. Can you give us a bit more background to work with before
> > > we start reacting?
> > >
> > > Best
> > > Fergus
> > >
> > > ----- Original Message -----
> > > From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> > > To: "SuSE" <suse-linux-e@xxxxxxxx>
> > > Sent: Friday, May 18, 2001 10:01 AM
> > > Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
> > > Free Speech
> > >
> > > > Hello,
> > > > I apologize for the priority but I think that this is a big issue,
> > > > indeed.
> > > >
> > > > I recently learned that Italian PA (Public Administration) is defining
> > > > a law (or sort of) about the informative systems which can be adopted
> > > > for its purpose, by asking the systems the compliance with some level
> > > > (I think EAL2) of Common Criteria (CC), or European equipollents (ITSEC,
> > > > or BS (British Standards)).
> > > >
> > > > I was told that it was recently stated on the web that Linux solutions
> > > > wouldn't be compliant to such criteria, above all for what addresses
> > > > the user "policy" (or something like that).
> > > >
> > > > Can somebody point me to some useful direction towards this issue?
> > > > Does anybody know whether a Linux system can or has been certified
> > > > versus CC?
> > > >
> > > > I think that this lack of certification is given by the lack of
> > > > interest, or absence of motivation, by the Linux community rather than
> > > > by technical limits.
> > > >
> > > > I think, of course, that the compliance to these international
> > > > certification criteria should be considered as an essential feature in
> > > > order not to limit the diffusion of Linux systems and "free software"
> > > > (in the sense of freedom, of course) also in PA which is a "strategic"
> > > > area of users.
> > > >
> > > > Of course the same PA, and the State, should be the first institution
> > > > sponsoring Free Software, just to guarantee the accessibility to all
> > > > citizens to the services provided (first of all about the
> > > > documentation).
> > > >
> > > > Please if you have any information, let's coordinate a project aimed
> > > > to "raise" the problem towards the international community, asking for
> > > > support of EU, Free Software Foundation, ...
> > > >
> > > > Thanks a lot,
> > > > Ste

--
Stefano Papini, Dr. Eng.
Account Manager
GPLV Partners S.p.A.
Piazza Cavour, 3 (V piano)
20121 Milano - Italy
Tel. +39-02-6556731
Fax +39-02-63618532
mailto:stefano.papini@xxxxxxxxxxxxxxxx
Web: http://www.gplvpartners.com
