Well yea, but most all of it gets reviewed in a lot of defense environments, the stuff that's not is like Adobe which in theory ought to get some coverage from looking at it for other certifications. >From what I've seen, it's a crapshoot wether, and to what extent, an evaluator does work on binary components. Much of it can depend on how they're being used in an environment.
I've had to do reviews of binary-only components for evaluation, and it's painful but we still did it. My main point was along the lines that what's happening is really the opposite of sneaking a back door in, instead there are huge piles of people globally who're working to prevent that. Tim On Wed, Jan 02, 2008 at 11:12:15AM -0800, Alan Coopersmith wrote: > Tim Scanlon wrote: > > dclarke wrote: > > "minor nit. Solaris is not open source." > > > > Solaris still gets code reviews by government agencies to preclude this > > sort of OS back door though, > > Not all of it - I don't know of anyone in the world, inside or > outside of Sun, who has access to every line of source code in > Solaris. As a simple example - Sun doesn't have access to the > source code for either Acrobat Reader (duh! don't you think we'd > have built it for x86 now if we could?) or the nVidia accelerated > graphics drivers (ooh! kernel module!). Other parts of third > party code in Solaris are tightly restricted and access only > available to the engineering teams who work on them. > > -- > -Alan Coopersmith- [EMAIL PROTECTED] > Sun Microsystems, Inc. - X Window System Engineering > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
