Thanks for your feedback, this is important indeed. Now, I'm sorry but the little I learned is on a magazine I can't read just now. I'll be more precise in a couple of day, as soon as I can recollect some more info on Common Criteria. Anyway, this is the web site, as recovered from Google:
http://www.commoncriteria.org/
I think that it UK, BS9977 and similars (I believe) are used (BS: British Standards, for not UK citizens).
I'm too not too sure what is meant for user policy, I think that is substantially linked to security and access to the resources and data provided by the system (AKA *nix policy on users, groups, apps), but maybe this can be my interpretation based on *nix (although limited) knowledge.
It's just because it seems odd to me, too, that I wanted to point your attention towards this issue and ask again to escalate this to the highest level possible.
I forwarded my mail to gnu@gun.org.
This is not meant for spamming, but to support Free Software and avoid proprietary chains.
Thanks a lot,
Ste
Fergus Wilde wrote:
This does sound like it could be important, and like it would be worth
doing
something about. But I don't know what the Common Criteria are (never heard of them, in fact), nor do I understand what is meant by user policy. Linux and *nix are certainly very widely used in the UK academic sector, so it would seem odd if there has been nothing done on compliance with standards. Can you give us a bit more background to work with before we start reacting?
Best Fergus
----- Original Message ----- From: "Stefano Papini"
To: "SuSE" Sent: Friday, May 18, 2001 10:01 AM Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs. Free Speech Hello, I apologize for the priority but I think that this is a big issue, indeed.
I recently learned that italian PA (Public Administration) is defining a law (or sort of) about the informative systems which can be adopted for its purpouse, by asking the systems the compliance with some level (I think EAL2) of Common Criteria (CC), or European equipollents (ITSEC, or BS (British Standards)).
I was told that it was recently stated on the web that Linux solutions wouldn't be compliant to such criteria, above all for what addresses
Hi Stefano,
I will look at the links and pages, and we must see what is meant.
It's certainly very important that Linux doesn't miss out on being included
in any national / international standards. I won't be able to get onto this
much until next week, but I will keep reading here in case news appears.
I wonder if anyone at SuSE, as a company whose vital interests might appear
to
be affected, knows what is fact and what is rumour about this.
Take care
Fergus
----- Original Message -----
From: "Stefano Papini"
user "policy" (or something like that).
Can somebody point me to some useful direction towards this issue? Do anybody know whether a Linux system can or has been certified versus CC?
I think that this lack of certification is given by the lack of interest, or absence of motivation, by the Linux community rather than by technical limits.
I think, of course, that the compliance to these international certification criteria should be considered as an essential feature in order not to limit the diffusion of Linux systems and "free software" (in the sense of freedom, of course) also in PA which is a "strategic" area of users.
Of course the same PA, and the State, should be the first instituion sponsoring Free Software, just to guarantee the accessibility to all citizens to the services proivided (first of all about the documentation).
Please if you have any information, let's cohordinate a project aimed to "raise" the problem towards the international community, asking for support of EU, Free Software Foundation, ...
Thanks a lot, Ste
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com