[Debtags-devel] Re: software quality tags?

Enrico Zini enrico at enricozini.org
Fri Sep 9 11:50:23 UTC 2005


On Fri, Sep 09, 2005 at 01:19:14PM +0200, Michelle Konzack wrote:

> Am 2005-09-07 19:37:24, schrieb Erich Schubert:
> > Maybe we should make that more tags, like "audited by debian", "EAL5+"...
> Because I (Lieutenant) am working for the french Military and was
> resposable for the start of the "Common Criteria" Project wich is
> based on Debian (Woody/Sarge, I like to see, packages tagged with
> EAL0 up to EAL6.

Uhm, I do not know much of these things, so I need a bit of briefing.

What are these EAL things?  Who does them?

If there is some authority making them, then they can publish a tag
source and vocabulary snippet like (omitting descriptions and spaces
between records for brevity):

Facet: audited
Tag: audited::eal
Tag: audited::eal:0
Tag: audited::eal:1
Tag: audited::eal:2
Tag: audited::eal:3
Tag: audited::eal:4
Tag: audited::eal:5
Tag: audited::eal:6

And then every time they audit a package they can add that to the tags:

foobar: audited::eal:3

But then there are other issues like 'date of checking', 'version
checked', 'who checked' and so on.  I don't know if debtags is the right
way to implement this, really.

Maybe there should be a more complete database, and debtags could
provide a limited view of it, like "All EAL4 packages audited less than
6 months ago get "audited::eal4".  And then, debtags still doesn't track
versions.  No, probably Debtags isn't the right way of doing this.  Not
now nor anytime soon, I guess.


Ciao,

Enrico

--
GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico at enricozini.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/debtags-devel/attachments/20050909/94cca5c1/attachment.pgp


More information about the Debtags-devel mailing list