Re: 8.4 release planning - Mailing list pgsql-hackers

From Ron Mayer
Subject Re: 8.4 release planning
Date
Msg-id 497F1839.8050801@cheapcomplexdevices.com
Whole thread Raw
In response to Re: 8.4 release planning  (Simon Riggs <simon@2ndQuadrant.com>)
Responses Re: 8.4 release planning
List pgsql-hackers
Simon Riggs wrote:
> The process works like this: software gets developed, then it gets
> certified. If its not certified, then Undercover Elephant will not be
> used by the secret people. We can't answer the "will it be certified?"
> question objectively yet. If we have someone willing to write the
> software and put it forward for certification then we should trust that
> it probably will pass certification and if it doesn't we will see
> further patches to allow that to happen.

For what it's worth, we can see that there are indeed
Postgres forks on the Common Criteria certified list.
http://www.commoncriteriaportal.org/products_DB.html   PostgreSQL Certified Version V8.1.5 for Linux   Manufacturer
Assurancelevel     Certification date   NTT DATA CORPORATION     EAL1     22-MAR-07   Certification report
c0089_ecvr.pdf  http://www.commoncriteriaportal.org/files/epfiles/c0089_ecvr.pdf
 

though at EAL1 they're quite far from the EAL4+ that DB2,
Oracle, etc get.

That someone went through the effort suggests that there's at least
some interest in getting security certifications for postgres.

It'd be interesting to hear from whomever at NTT was involved with
that certification, if SEPostgreSQL would have either made that
process easier or help postgres achieve a higher level.


pgsql-hackers by date:

Previous
From: Timo Savola
Date:
Subject: log_duration_sample config option patch
Next
From: Magnus Hagander
Date:
Subject: Re: 8.4 release planning (was Re: [COMMITTERS] pgsql: Automatic view update rules)