Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Common Criteria and ITSEC
  • From: Stefano Papini <stefano.papini@xxxxxxxxxxxxxxxx>
  • Date: Fri, 18 May 2001 13:40:48 +0100
  • Message-id: <3B052660.848E850E@xxxxxxxxxxxxxxxx>
Hello community,
sorry for direct mail, high priority and mail size, but I think these
30secs to read the mail could prevent Free Software from getting a heavy
limitation and widespread diffusion.

The issue is about Common Criteria (and ITSEC) standard compliance,
which AFAIK linux is lacking of.
This could seriously affect Linux and GPL sw use in Public
Administration, in Italy, in Europe and eventually even in the States.

Here below are some previous mails.

Thank you for your time and we hope to have raised as much interest and
support of the whole community as possible.

Best regards,

Stefano Papini

-------- Original Message --------
Subject: Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer
vs. Free Speech
Date: Fri, 18 May 2001 11:10:37 +0100
From: Stefano Papini <stefano.papini@xxxxxxxxxxxxxxxx>
Organization: GPLV Partners
To: Fergus Wilde <fwilde@xxxxxxxxxxxxxxx>
CC: SuSE list <suse-linux-e@xxxxxxxx>, gnu@xxxxxxx
References: <3B04F317.1EDE2576@xxxxxxxxxxxxxxxx>
<002f01c0df7e$69a888e0$e5195882@xxxxxxxxxxxxxxx>

Thanks for your feedback,
this is important indeed.
Now, I'm sorry but the little I learned is on a magazine I can't read
just now. I'll be more precise in a couple of day, as soon as I can
recollect some more info on Common Criteria. Anyway, this is the web
site, as recovered from Google:

http://www.commoncriteria.org/

I think that it UK, BS9977 and similars (I believe) are used (BS:
British Standards, for not UK citizens).

I'm too not too sure what is meant for user policy, I think that is
substantially linked to security and access to the resources and data
provided by the system (AKA *nix policy on users, groups, apps), but
maybe this can be my interpretation based on *nix (although limited)
knowledge.

It's just because it seems odd to me, too, that I wanted to point your
attention towards this issue and ask again to escalate this to the
highest level possible.

I forwarded my mail to gnu@xxxxxxxx

This is not meant for spamming, but to support Free Software and avoid
proprietary chains.

Thanks a lot,

Ste

Fergus Wilde wrote:
>
> This does sound like it could be important, and like it would be worth doing
> something about. But I don't know what the Common Criteria are (never heard
> of them, in fact), nor do I understand what is meant by user policy. Linux
> and *nix are certainly very widely used in the UK academic sector, so it
> would seem odd if there has been nothing done on compliance with standards.
> Can you give us a bit more background to work with before we start reacting?
>
> Best
> Fergus
>
> ----- Original Message -----
> From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> To: "SuSE" <suse-linux-e@xxxxxxxx>
> Sent: Friday, May 18, 2001 10:01 AM
> Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs. Free
> Speech
>
> > Hello,
> > I apologize for the priority but I think that this is a big issue,
> > indeed.
> >
> > I recently learned that italian PA (Public Administration) is defining a
> > law (or sort of) about the informative systems which can be adopted for
> > its purpouse, by asking the systems the compliance with some level (I
> > think EAL2) of Common Criteria (CC), or European equipollents (ITSEC, or
> > BS (British Standards)).
> >
> > I was told that it was recently stated on the web that Linux solutions
> > wouldn't be compliant to such criteria, above all for what addresses the
> > user "policy" (or something like that).
> >
> > Can somebody point me to some useful direction towards this issue?
> > Do anybody know whether a Linux system can or has been certified versus
> > CC?
> >
> > I think that this lack of certification is given by the lack of
> > interest, or absence of motivation, by the Linux community rather than
> > by technical limits.
> >
> > I think, of course, that the compliance to these international
> > certification criteria should be considered as an essential feature in
> > order not to limit the diffusion of Linux systems and "free software"
> > (in the sense of freedom, of course) also in PA which is a "strategic"
> > area of users.
> >
> > Of course the same PA, and the State, should be the first instituion
> > sponsoring Free Software, just to guarantee the accessibility to all
> > citizens to the services proivided (first of all about the
> > documentation).
> >
> > Please if you have any information, let's cohordinate a project aimed to
> > "raise" the problem towards the international community, asking for
> > support of EU, Free Software Foundation, ...
> >
> > Thanks a lot,
> > Ste
> >
> > --
> > To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> > For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> > Also check the FAQ at http://www.suse.com/support/faq and the
> > archives at http://lists.suse.com

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to
suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com

< Previous Next >
This Thread