From: Thomas Harding <tom@thomas-harding.name>
To: libreplanet-discuss@libreplanet.org
Subject: Re: 7 Reasons to Avoid Open Source?
Date: Tue, 05 Dec 2017 00:59:28 +0100
Message-ID: <A99ADC4D-C93C-488F-BC7C-EC0BC06C3683@thomas-harding.name>
In-Reply-To: <20171204190241.kqnb7zwgzvr4st6g@hungrycats.org>

On 4 December 2017 20:02:41 GMT+01:00, Chad Larson <BPYZs1fx@mailtoo.hungrycats.org> wrote:
>On Mon, Dec 04, 2017 at 09:06:10AM -0600, Caleb Herbert wrote:
>> On Sun, 2017-12-03 at 21:12 -0500, Chad Larson wrote:
[...]
>> > that the code implements the requirements correctly for each
>> > product that uses the code. Industrial regulations require traceability
>> > to determine which individual personally made which implementation
>> > decisions and which individual tested and verified the results.
>>
>> Sounds like they want better documentation. Ask Red Hat.
>
>That seems like an odd request, given that Red Hat's history of certified
>products is limited to enterprise software running on x86_64 hosts,
>not embedded systems. Red Hat has some products rated at EAL4, but the
>traceability requirements for EAL4 are fairly weak compared to other
>industry standards (or even EAL6). The other certifications they have
>seem to have even weaker requirements (but I haven't fully reviewed
>them all).

Common Criteria EAL evaluation is out of vendors' scope, especially regarding operating systems:

EAL evaluation is conducted through a defined environment on a specific usage where a defined and reproducible setup has been done on the tested system.

Moreover, enlisted laboratories are so rare and expensive that a vendor will never afford them.

If I remember correctly, tests/certification processes were afforded on some RedHat and SUSE setups by German defence.

In any case: asking a vendor to afford CC / EAL testing and certification does not make sense.

(While traceability and automated tests would help, and CC requirements for EALn include a controlled development process -- from the start -- as claimed earlier in the thread)

>I know of any free-software projects currently offering a complete
>traceability data set. I know of only two open-source projects (FreeRTOS
>and OpenSafety) which offer traceability data at all--but in both cases
>the data is only available under a separate non-free license.
>
>A warranty is necessary but not sufficient. If a project is demanding
>traceability, they expect more from their ll
--
I was born to share, not hatred, but love.
Sophocles, Antigone, 442 B.C.
_______________________________________________
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss