Re: [SLUG] Federal Gov Open Source Policy

2011-02-08 Thread Glen Turner

On 06/02/11 21:03, Kevin Saenz wrote:

> That is a majority of the time they would need to be DSD approved and each open
> source project would need to pay a minimum of $50k to get DSD to qualify it.
> Without DSD approval open source will not get a look in when it comes to
> networks that are rated Protected and higher.


The trick with compliance is to read the documents carefully, not to be overawed by the security
theatre of it all. That can be tricky when the customers are overawed too. DSD are as bound by the
policies as you are, so the policies cut both ways. The most relevant paragraph is this one:


  Selecting products without security functions

  Agencies selecting products that do not provide a security function,
  or selecting products whose security functions will not be used,
  are free to follow their own acquisition guidelines.

  [Australian Government Information Security Manual, November 2010]

Note that this applies whatever the classification of the network the software is used on. So if you
want to bid particular software for use even on a Top Secret network then all you need show is
that the software performs no security function. There can be some irony here, as you may note as
you disable HTTPS on the webserver :-)


If your bid does require a security function (eg, the experienced person writing the tender
specified HTTPS) then don't despair. You'll find some Linux distributors have done excellent work
acquiring NSA or NIST certification for basic security functions (PAM, OpenSSL, Mozilla NSS, etc).


BTW Red Hat Linux 5 is a standout. It even has MLS (ie, can use unclassified, restricted, protected
and confidential information on the same system without all the information being tainted up to
confidential) evaluated to EAL4 (ie, the highest which can be obtained on generic hardware). The
implementation is much easier to use than some other "trusted" operating systems. Presumably Red Hat
intend to gain EAL4 for RHEL6.


It is even possible to build DSD-approved gateways to the Internet from Restricted or Protected 
networks using open source components. For a long time in the history of the Internet in Australia 
the only DSD-approved gateways were built from FOSS products.


In short, don't be afraid of information assurance requirements. Just read them carefully. Any FOSS 
vendor should be able to sell a non-MLS desktop configuration into a Protected or Confidential 
network with no great drama.


If you see a requirement for MLS or a "gateway security function" then these are specialised fields 
and you might think carefully about if you have the internal expertise to respond. There are many 
consultancies in the information assurance field that aren't interested in what you do best 
(installation, configuration, support and so on) so you might look towards a partnership for those 
more specialised tenders.


--
 Glen Turner   
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Federal Gov Open Source Policy

2011-02-06 Thread Marghanita da Cruz

Hi All,

Following up on the postings here and Friday night's brief
discussion at SLUG, I have now created a page on the SLUG
wiki under advocacy.

See


Marghanita
> The policy includes three principles as well as some draft text for
> government departments and agencies to include in future RFT documentation:
>
>  * Principle 1:  Australian Government ICT procurement processes must
>    actively and fairly consider all types of available software.
>  * Principle 2: Suppliers must consider all types of available software
>    when dealing with Australian Government agencies.
>  * Principle 3:  Australian Government agencies will actively
>    participate in open source software communities and contribute back where
>    appropriate.
>
> <http://www.katelundy.com.au/2011/02/03/welcome-news-for-open-source/comment-page-1/>
>
> Policy available in HTML at
> <http://www.finance.gov.au/publications/guide-to-open-source-software/index.html>


--
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202





Re: [SLUG] Federal Gov Open Source Policy

2011-02-06 Thread Kevin Saenz
Also the problem is that Open source needs to jump through the same hoops as
proprietary software. That is a majority of the time they would need to be DSD
approved and each open source project would need to pay a minimum of $50k to
get DSD to qualify it. Without DSD approval open source will not get a look in
when it comes to networks that are rated Protected and higher.





Re: [SLUG] Federal Gov Open Source Policy

2011-02-05 Thread Tony Sceats
imho, I would have thought that Open Standards are far more critical for a
government to require the use and enforcement of. But even this would be a
great win for open source in general as this would also force big companies
to support properly open standards in their own products, which then also
increases the viability of open source products that also support the
standard in the future when migrations are considered.

But as far as "active participation" in open source is concerned, it would
be great if any software commissioned by the government was then released as
open source. This may be problematic though, as the government would
(presumably) never actually write the software itself, but would outsource
its development. Companies that do write the software would then have an
active interest in some kind of maintenance or ongoing support program with
the government, and would probably see releasing the code to the public as
an active threat to that interest. Still, the government could insist (as a
large enough customer), and that would be beneficial too.

That said, obviously there are OS business models that work based upon the
ongoing technical support requirements of organisations that do adopt the
software, so working with a vendor that does this necessarily means that any
bugs or features that the government finds or requires would be given back
to the community as well.

Anyway, at least it's something, and in general I think that Kate Lundy has
her head screwed on and is pushing in the right direction.



Re: [SLUG] Federal Gov Open Source Policy

2011-02-03 Thread Kevin Saenz
It's been a while since I have responded to slug emails.

You need to put this in to perspective. There are a number of departments that
actually use open source, to some extent. You must bear in mind that there are
others who have a strictly Microsoft.

I know of one department 6 years ago required the skills of Linux and Unix
people to convert the department from open source to Microsoft only environment,
because said department employed a "Microsoft ranger", and to this date he is
still their CIO.

What you have to be aware to be successful with tenders or projects you need to
sit on a board of vendors to even be considered for a job or contract for a
scope of work. The Federal government is a large market and you have to fight your
case on a departmental and divisional level.

There are other departments who employed the same web technology as President
Obama.
Yes Open source has a place in Public sector IT but sadly it's not in business
critical areas of the sector, and it has been visible for a long time.







Re: [SLUG] Federal Gov Open Source Policy

2011-02-03 Thread Marghanita da Cruz

Dean Hamstead wrote:

> this legislation is meaningless as open source projects can't respond to tenders.
>
> vendors are already selling products rooted in, or heavily based on open
> source. the basis of the software's development was already irrelevant in the
> tender process.
>
> this legislation should have also included statements requiring software
> licenses to be strictly adhered to - open source or otherwise - and some
> commitment to enforcing the disclosure of source code from the vendors when
> appropriate.


Hi Dean,

This is policy not legislation and principles are broad. I
haven't had a chance to check the detail of the policy but
there is also this in the blog posting:

The policy includes three principles as well as some draft text for government 
departments and agencies to include in future RFT documentation:


Marghanita

--
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202





Re: [SLUG] Federal Gov Open Source Policy

2011-02-03 Thread Marghanita da Cruz

David Kidd wrote:

>>    * Principle 1:  Australian Government ICT procurement processes must
>> actively and fairly consider all types of available software.
>>    * Principle 2: Suppliers must consider all types of available software
>> when dealing with Australian Government agencies.
>>    * Principle 3:  Australian Government agencies will actively participate
>> in open source software communities and contribute back where appropriate.
>
> Principle 3 is very vague -- what does 'actively participate' mean in practice?




I think this is a step forward and is no doubt something we
at SLUG could have some input into - perhaps as part of my
session at tonight's SLUG meeting.


Further in Senator Lundy's blog posting:


For anyone interested in open source development the policy is well worth 
reading as I think it is a significant step forward. You can find The Guide to 
Open Source Software for Australian Government Agencies here.




Press Release: Special Minister of State Gary Gray - Government moves to
encourage use of Open Source Software.


There is some irony (or indication in how far the Federal
Government has to go) in this statement in the Minister's
Media Release.


"The Australian Government Policy on Open Source Software is available on the
Department of Finance and Deregulation website in PDF and RTF formats."



Marghanita




--
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202





Re: [SLUG] Federal Gov Open Source Policy

2011-02-03 Thread Dean Hamstead
this legislation is meaningless as open source projects can't respond to tenders.

vendors are already selling products rooted in, or heavily based on open
source. the basis of the software's development was already irrelevant in the
tender process.

this legislation should have also included statements requiring software
licenses to be strictly adhered to - open source or otherwise - and some
commitment to enforcing the disclosure of source code from the vendors when
appropriate.

Dean




Re: [SLUG] Federal Gov Open Source Policy

2011-02-03 Thread David Kidd
>>    * Principle 1:  Australian Government ICT procurement processes must 
>> actively and fairly consider all types of available software.
>>    * Principle 2: Suppliers must consider all types of available software 
>> when dealing with Australian Government agencies.
>>    * Principle 3:  Australian Government agencies will actively participate 
>> in open source software communities and contribute back where appropriate.

Principle 3 is very vague -- what does 'actively participate' mean in practice?

DK


[SLUG] Federal Gov Open Source Policy

2011-02-03 Thread Marghanita da Cruz

This looks like a step forward:

The policy includes three principles as well as some draft text for government 
departments and agencies to include in future RFT documentation:

* Principle 1:  Australian Government ICT procurement processes must 
actively and fairly consider all types of available software.
* Principle 2: Suppliers must consider all types of available software when 
dealing with Australian Government agencies.
* Principle 3:  Australian Government agencies will actively participate in 
open source software communities and contribute back where appropriate.



Policy available in HTML at


Marghanita
--
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202

