Does Lenz or friends know about this, was Common Criteria and ITSEC

18 May 2001

      ...
Thanks for your feedback,
this is important indeed.
Now, I'm sorry but the little I learned is on a magazine I can't read
just now. I'll be more precise in a couple of day, as soon as I can
recollect some more info on Common Criteria. Anyway, this is the web
site, as recovered from Google:
http://www.commoncriteria.org/
I think that it UK, BS9977 and similars (I believe) are used (BS:
British Standards, for not UK citizens).
I'm too not too sure what is meant for user policy, I think that is
substantially linked to security and access to the resources and data
provided by the system (AKA *nix policy on users, groups, apps), but
maybe this can be my interpretation based on *nix (although limited)
knowledge.
It's just because it seems odd to me, too, that I wanted to point your
attention towards this issue and ask again to escalate this to the
highest level possible.
I forwarded my mail to gnu@gun.org.
This is not meant for spamming, but to support Free Software and avoid
proprietary chains.
Thanks a lot,
Ste
Fergus Wilde wrote:
...
This does sound like it could be important, and like it would be worth
doing
...
something about.  But I don't know what the Common Criteria are (never
heard
of them, in fact), nor do I understand what is meant by user policy.
Linux
and *nix are certainly very widely used in the UK academic sector, so it
would seem odd if there has been nothing done on compliance with
standards.
Can you give us a bit more background to work with before we start
reacting?
Best
Fergus
----- Original Message -----
From: "Stefano Papini" 
To: "SuSE" 
Sent: Friday, May 18, 2001 10:01 AM
Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free
Speech
...
Hello,
I apologize for the priority but I think that this is a big issue,
indeed.
I recently learned that italian PA (Public Administration) is defining
a
law (or sort of) about the informative systems which can be adopted
for
its purpouse, by asking the systems the compliance with some level (I
think EAL2) of Common Criteria (CC), or European equipollents (ITSEC,
or
BS (British Standards)).
I was told that it was recently stated on the web that Linux solutions
wouldn't be compliant to such criteria, above all for what addresses
Hi Stefano,

I will look at the links and pages, and we must see what is meant.
It's certainly very important that Linux doesn't miss out on being included
in any national / international standards.  I won't be able to get onto this
much until next week, but I will keep reading here in case news appears.

I wonder if anyone at SuSE, as a company whose vital interests might appear
to
be affected, knows what is fact and what is rumour about this.

Take care
Fergus

----- Original Message -----
From: "Stefano Papini" 
To: "Fergus Wilde" 
Cc: "SuSE list" ; 
Sent: Friday, May 18, 2001 11:10 AM
Subject: Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs.
Free Speech

the
...
...
...
user "policy" (or something like that).
Can somebody point me to some useful direction towards this issue?
Do anybody know whether a Linux system can or has been certified
versus
CC?
I think that this lack of certification is given by the lack of
interest, or absence of motivation, by the Linux community rather than
by technical limits.
I think, of course, that the compliance to these international
certification criteria should be considered as an essential feature in
order not to limit the diffusion of Linux systems and "free software"
(in the sense of freedom, of course) also in PA which is a "strategic"
area of users.
Of course the same PA, and the State, should be the first instituion
sponsoring Free Software, just to guarantee the accessibility to all
citizens to the services proivided (first of all about the
documentation).
Please if you have any information, let's cohordinate a project aimed
to
"raise" the problem towards the international community, asking for
support of EU, Free Software Foundation, ...
Thanks a lot,
Ste
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com