> That's going to be pretty tough to do for Linux/390 shops, unless they're > allowed to maim their operators by blinding them. :) Not something I would > recommend, in any case. I think auditors are going to have to change their > mindset a little in this area. Auditors exist for business reasons. Support computer systems exist for business reasons too. I think it is a little backwards to assume that shortcomings in software that might cause it to not meet some of the business needs mean that the auditors should abandon their goal of making sure that these systems meet the business needs...
It is (for some businesses) the "right" thing for operations and development to be segregated to the extent that operations has zero access to the code. Just because some software does not make this easy does not mean that the goal should be abandoned. Personally I believe this is a good indication of an area where this young technology can indeed learn and benefit from the knowledge gained in the past. And we can start that process too... all we need to do is to place a standardized message identifier on the front of every message we generate and then write that section of the man page to describe what that message means. Big trips start with small steps. Peace. -njg
