On Tue, 26 Nov 2002, Jon R. Doyle wrote: > We do certifiy through normal QA process SuSE SLES, RH Adv Srv for example > on Intel systems, and SuSE SLES on zSeries, this is the commercial > products, and I mention this because the thread started about Oracle from > what I read. Oracle has several levels from what I remember, one called > Validation like here: >
I was, of couse, referring specifically to the free version that "everyone" runs because that's how their distribution is setup. > >http://www.suse.com/en/business/certifications/certified_software/oracle/certified.html > > SAP has something similar to the above, I even rememebr one tech doc > telling you to put a SuSE Kernel on top of a Redhat install to be > certified. > > Most ISVs IMHO need to protect themselves somewhat on Linux because it is > a platform that can have any level of changes applied at the end-user > level. Meaning, we know what Solaris level or NT level works through QA > processes, but what if somebody calls me and says I am running SuSE SLES > with 2.4.18, but I find they have patched the kernel with pre-emptive > stuff, or any number of things that seemed interesting in the dev > community, or say new glibc, and now Sendmail filters or something are not > working correctly. So you see we have to pick certain levels of the > platform and QA that and call it "known to work". You find an issue, we > can reproduct that internally on the same platform, much more reasonable > to keep quality control. I've not run AS, but I do know that on various Red Hat Linux there have been security updates for glibc and the kernel (I just pulled in new versions of the kernel for 7.0 overnight). Then a site has a choice: fix the vulnerability and break certification or keep the certification and the vulnerability. What then? I'd favour fixing the vulnerability. How would you as a vendor respond to that? > Most HW vendors also certify against known version levels too, obviously > for driver sakes, in fact I have heard rumour once that Compaq did more QA > of Linux for that very reason than the Linux vendor themselves. That would not suprise me _iff_ you mean the kernel. I expect the same would apply to some others too, and I know some vendors are quite visible on the lkml. Cheers John. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
