Mailing List Archive: Zope: Dev

Zope 3.3 common criteria derivative

Index | Next | Previous | View Threaded

ct at gocept

Nov 7, 2007, 1:47 AM

Post #1 of 5 (643 views)
Permalink

Zope 3.3 common criteria derivative

Hi,

the common criteria evaluation is using zc`s "Sharing" security policy.
I need to specify a version number/name that describes the release to be
evaluated.

The most straight forward thing I can think of is to create a branch
derived from the 3.3 release series that includes zc.sharing and is
configured for using it in the common criteria evaluated way.

A name proposal would be "Zope 3 Common Criteria Edition". The question
would be whether to let it have it's own version number (1.0) or to
start from the version number of Zope 3.3 that it was built on.

Comments?

Christian

--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct [at] gocept - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development

Attachments:

signature.asc (0.18 KB)

srichter at cosmos

Nov 7, 2007, 3:04 AM

Post #2 of 5 (587 views)
Permalink

Re: Zope 3.3 common criteria derivative [In reply to]

On Wednesday 07 November 2007, Christian Theune wrote:
> A name proposal would be "Zope 3 Common Criteria Edition". The question
> would be whether to let it have it's own version number (1.0) or to
> start from the version number of Zope 3.3 that it was built on.

I think it would be okay to start at 1.0; It is a important accomplishment and
would confuse people less, I think.

My question would be, with Zope being split into packages now, would it not be
easier to do the security evaluation based on a set of eggs? It would entail
less code that needs to be reviewed.

Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

ct at gocept

Nov 7, 2007, 3:41 AM

Post #3 of 5 (590 views)
Permalink

Re: Zope 3.3 common criteria derivative [In reply to]

Hey,

Am Mittwoch, den 07.11.2007, 06:04 -0500 schrieb Stephan Richter:
> On Wednesday 07 November 2007, Christian Theune wrote:
> > A name proposal would be "Zope 3 Common Criteria Edition". The question
> > would be whether to let it have it's own version number (1.0) or to
> > start from the version number of Zope 3.3 that it was built on.
>
> I think it would be okay to start at 1.0; It is a important accomplishment and
> would confuse people less, I think.
>
> My question would be, with Zope being split into packages now, would it not be
> easier to do the security evaluation based on a set of eggs? It would entail
> less code that needs to be reviewed.

Yes it would be but we're way too far down the road and really just want
to get finished what we started.

Christian

--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct [at] gocept - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development

Attachments:

signature.asc (0.18 KB)

jim at zope

Nov 7, 2007, 7:03 AM

Post #4 of 5 (584 views)
Permalink

Re: Zope 3.3 common criteria derivative [In reply to]

On Nov 7, 2007, at 4:47 AM, Christian Theune wrote:

> Hi,
>
> the common criteria evaluation is using zc`s "Sharing" security
> policy.
> I need to specify a version number/name that describes the release
> to be
> evaluated.

I'm sad to say that, while I still like this security policy, we're
no longer using it, which probably means no one is using it. I
apologize for pointing you in that direction. I sadly recommend using
the standard security policy. Of course, you're welcome to keep using
the sharing security policy. maybe that's easier at this point.

Jim

--
Jim Fulton
Zope Corporation

_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

ct at gocept

Nov 7, 2007, 7:08 AM

Post #5 of 5 (589 views)
Permalink

Re: Zope 3.3 common criteria derivative [In reply to]

Hi,

Am Mittwoch, den 07.11.2007, 10:03 -0500 schrieb Jim Fulton:
> On Nov 7, 2007, at 4:47 AM, Christian Theune wrote:
>
> > Hi,
> >
> > the common criteria evaluation is using zc`s "Sharing" security
> > policy.
> > I need to specify a version number/name that describes the release
> > to be
> > evaluated.
>
> I'm sad to say that, while I still like this security policy, we're
> no longer using it, which probably means no one is using it.

I already somewhat suspected that but I do think it's still useful and
I'll continue using it for the sake of getting done.

> I apologize for pointing you in that direction. I sadly recommend using
> the standard security policy. Of course, you're welcome to keep using
> the sharing security policy. maybe that's easier at this point.

No worries.

I feel the same and except from deriving from the standard back then
nobody could have predicted this. I *was* thinking about switching but
that would make me rewrite large parts. I'll go down that road.

Thanks for the heads-up!

Christian

--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct [at] gocept - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development

Attachments:

signature.asc (0.18 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads