I do have SVN write access now, thank you. I've placed the Common Criteria documents (as well as the Evaluation Methodology document, and a couple of supplementary materials) in the repository as the test.
What is our source control plan? "Only project members, as agreed by Krishna and Ron through some 'hiring-type' process, shall have write access to the repository"?
Also, EAL 3 and 4 require a "controlled development environment". I'm not entirely certain what this means (likely that there is a low possibility for viruses or other attack vectors that could create unauthorized changes to the source)... I wonder if we can meet this requirement using VMware player and a customized VM image, perhaps Ubuntu 6.06LTS with all development tools installed and only security updates. (We need to examine the Evaluation Methodology document to understand this requirement and requirements of implementation.)
For Windows, I have MSDN Windows 2000 that I can install in a VM. I don't like XP nor Vista, and am well-familiar with 2000. I can also install VC++ 2005 Express Edition, as necessary, and (if we choose to use OpenSSL on the Windows platform) the toolchain required to build the FIPS-validated version of that as well.
(I also have a validly licensed copy of VMware 4.5 within which I can build customized VM images.)
Remember, documentation of the process and any modifications to the environments is key.
-Kyle H
On 10/17/06, Krishna Sankar ksankar@doubleclix.net wrote:
Kyle,
Can you see if you have the SVN write access ?
All, Just as FYI, we need gmail address to become part of the Google project and it has no Wiki. Any thoughts on the Wiki for us to document the functionalities and the results of development/testing ?
Cheers
<k/>
-----Original Message----- From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Kyle Hamilton Sent: Monday, October 16, 2006 8:33 PM To: Cryptography Team Development List Subject: [Cryptography Team] Common Criteria Documentation...
I found the Google Code project that Krishna started, and uploaded the Common Criteria documentation I found (in PDF form) to it as an issue. Unfortunately, I don't have SVN write access, and I don't know how to get it either.
After reading it, I realized that it /IS/ a good idea for anyone starting on CC validation to read it before they start. It's important to realize what it is, and what the goals must be. (As well, it also helps customers -- that'd include you, Ron -- understand what the various validation levels are, and compare them to regulatory requirement.)
--
-Kyle H I speak only for myself. I don't have the faintest clue about anyone else. _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry ptography
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Kyle,
I like the idea of letting Krishna flush out the details of step one. Keep in mind our goal is to be very through and thoughtful about each step which may require a slower pace. Also a major goal is to provide a road map which others (including us) can learn from.
I understand the need for a controlled environment, which we spoke about earlier, but I'm not sure that is the right place to start. I am also ok with letting Krishna define access requirements to repositories based on his interpretation of what is needed to move forward.
Ron
From: Kyle Hamilton Sent: Tuesday, October 17, 2006 12:14 PM
I do have SVN write access now, thank you. I've placed the Common Criteria documents (as well as the Evaluation Methodology document, and a couple of supplementary materials) in the repository as the test.
What is our source control plan? "Only project members, as agreed by Krishna and Ron through some 'hiring-type' process, shall have write access to the repository"?
Also, EAL 3 and 4 require a "controlled development environment". I'm not entirely certain what this means (likely that there is a low possibility for viruses or other attack vectors that could create unauthorized changes to the source)... I wonder if we can meet this requirement using VMware player and a customized VM image, perhaps Ubuntu 6.06LTS with all development tools installed and only security updates. (We need to examine the Evaluation Methodology document to understand this requirement and requirements of implementation.)
For Windows, I have MSDN Windows 2000 that I can install in a VM. I don't like XP nor Vista, and am well-familiar with 2000. I can also install VC++ 2005 Express Edition, as necessary, and (if we choose to use OpenSSL on the Windows platform) the toolchain required to build the FIPS-validated version of that as well.
(I also have a validly licensed copy of VMware 4.5 within which I can build customized VM images.)
Remember, documentation of the process and any modifications to the environments is key.
-Kyle H
On 10/17/06, Krishna Sankar ksankar@doubleclix.net wrote:
Kyle,
Can you see if you have the SVN write access ?
All, Just as FYI, we need gmail address to become part of the Google project and it has no Wiki. Any thoughts on the Wiki for us to document
the
functionalities and the results of development/testing ?
Cheers
<k/>
-----Original Message----- From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Kyle Hamilton Sent: Monday, October 16, 2006 8:33 PM To: Cryptography Team Development List Subject: [Cryptography Team] Common Criteria Documentation...
I found the Google Code project that Krishna started, and uploaded the Common Criteria documentation I found (in PDF form) to it as an issue. Unfortunately, I don't have SVN write access, and I don't know how to get it either.
After reading it, I realized that it /IS/ a good idea for anyone starting on CC validation to read it before they start. It's important to realize what it is, and what the goals must be. (As well, it also helps customers -- that'd include you, Ron -- understand what the various validation levels are, and compare them to regulatory requirement.)
--
-Kyle H I speak only for myself. I don't have the faintest clue about anyone else. _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry ptography
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
--
-Kyle H _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
cryptography@lists.squeakfoundation.org