On 4 December 2017 20:02:41 GMT+01:00, Chad Larson 
<[email protected]> wrote:
>On Mon, Dec 04, 2017 at 09:06:10AM -0600, Caleb Herbert wrote:
>> On Sun, 2017-12-03 at 21:12 -0500, Chad Larson wrote:
[...]
>> > that the code implements the requirements correctly for each
>> > product that uses the code.  Industrial regulations require traceability
>> > to determine which individual personally made which implementation
>> > decisions and which individual tested and verified the results.
>> 
>> Sounds like they want better documentation.  Ask Red Hat.
>
>That seems like an odd request, given that Red Hat's history of certified
>products is limited to enterprise software running on x86_64 hosts,
>not embedded systems.  Red Hat has some products rated at EAL4, but the
>traceability requirements for EAL4 are fairly weak compared to other
>industry standards (or even EAL6).  The other certifications they have
>seem to have even weaker requirements (but I haven't fully reviewed
>them all).

Common Criteria EAL evaluation is out of vendors' scope, especially regarding 
operating systems:

EAL evaluation is conducted through a defined environment on a specific usage 
where a defined and reproducible setup has been done on the tested system.

Moreover, enlisted laboratories are so rare and expensive that a vendor will 
never afford them.

If I remember correctly, tests/certification processes were afforded on some 
Red Hat and SUSE setups by German defence.

In any case: asking a vendor to afford CC / EAL testing and certification 
does not make sense.

(While traceability and automated tests would help, and CC requirements for EALn 
include a controlled development process -- from start -- as claimed earlier in 
the thread)

>I  know of any free-software projects currently offering a complete
>traceability data set.  I know of only two open-source projects (FreeRTOS
>and OpenSafety) which offer traceability data at all--but in both cases
>the data is only available under a separate non-free license.


>
>A warranty is necessary but not sufficient.  If a project is demanding
>traceability, they expect more from their ll 


-- 
I was born to share, not hatred, but love.
         Sophocles, Antigone, 442 BC.

_______________________________________________
libreplanet-discuss mailing list
[email protected]
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
