[ale] Letter of Volatility
Jim Lynch
ale_nospam at fayettedigital.com
Wed Jan 29 21:12:19 EST 2014
On 01/29/2014 06:05 PM, Jeff Hubbs wrote:
> Pretty much. If as much as one bit of code differs from the certified
> configuration, then it's no longer the certified configuration.
> Whether the RHEL/CentOS differences are the least bit meaningful or
> germane - or that you could prove the provenance of every CentOS
> binary - is irrelevant. This suggests, at least to me, that you'd
> better not rebuild any binaries that the machine started off with in
> its certified configuration. Also, you're stuck with ancient versions
> of kernels and important packages (but that could be applied to
> RHEL/CentOS in general).
When our company first started working on the orange book certification
there was a bit of confusion. Some seemed to think if the OS was
certified then that's all there was. Turns out the truth is the
certification is for the whole ball of wax. OS, hardware etc. As you
said any changes to the code required a recertification. I think the
net return for implementing orange book specs was negative.
Jim.