[arc-discuss] FOSS concerns

Darren Reed Darren.Reed at Sun.COM
Mon Apr 7 18:37:28 PDT 2008


Garrett D'Amore wrote:

>...
>Specifically, we seem to have cases which basically want to elide ARC 
>review, because they are adhering to (or importing from) FOSS software.  
>What is the point of bringing such cases to ARC at all?
>...
>
>How do we reconcile the issues that arise when software 
>developed/delivered without ARC review (or with all the normal Big Rules 
>for Solaris software "waived" because of upstream purity) becomes used 
>for "core" parts of Solaris.  (E.g. when pkcs11_pam is used as a key 
>piece of our Solaris authentication strategy, but fails to meet certain 
>"Big Rules" for Solaris security?)
>

The counterexample to that is the components of Solaris that
have come from FOSS communities for years: ipfilter, named
and sendmail are three very important components of Solaris
and exist as products in the open source world.

Each of these three has been brought before PSARC, once or
twice or more, and has been subject to the usual kinds of
review.

If one were to use the above precedents as laying the
groundwork for how future software should be considered, then there
is no question about what should be expected from current and
future cases - including pkcs11_pam.

So until there is official communication indicating that we
should be doing something else, perhaps the best we can do
is to use established case history as a guide.

Darren



