Re: 8.4 release planning

From: Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: 8.4 release planning
Date: 2009-01-27 14:20:41
Message-ID: 497F1839.8050801@cheapcomplexdevices.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Simon Riggs wrote:
> The process works like this: software gets developed, then it gets
> certified. If its not certified, then Undercover Elephant will not be
> used by the secret people. We can't answer the "will it be certified?"
> question objectively yet. If we have someone willing to write the
> software and put it forward for certification then we should trust that
> it probably will pass certification and if it doesn't we will see
> further patches to allow that to happen.

For what it's worth, we can see that there are indeed
Postgres forks on the Common Criteria certified list.

http://www.commoncriteriaportal.org/products_DB.html
PostgreSQL Certified Version V8.1.5 for Linux
Manufacturer Assurance level Certification date
NTT DATA CORPORATION EAL1 22-MAR-07
Certification report
c0089_ecvr.pdf
http://www.commoncriteriaportal.org/files/epfiles/c0089_ecvr.pdf

though at EAL1 they're quite far from the EAL4+ that DB2,
Oracle, etc get.

That someone went through the effort suggests that there's at least
some interest in getting security certifications for postgres.

It'd be interesting to hear from whomever at NTT was involved with
that certification, if SEPostgreSQL would have either made that
process easier or help postgres achieve a higher level.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2009-01-27 14:24:39 Re: 8.4 release planning (was Re: [COMMITTERS] pgsql: Automatic view update rules)
Previous Message Dave Page 2009-01-27 14:10:50 Re: 8.4 release planning (was Re: [COMMITTERS] pgsql: Automatic view update rules)