Simon Riggs wrote:
> The process works like this: software gets developed, then it gets
> certified. If it's not certified, then Undercover Elephant will not be
> used by the secret people. We can't answer the "will it be certified?"
> question objectively yet. If we have someone willing to write the
> software and put it forward for certification then we should trust that
> it probably will pass certification and if it doesn't we will see
> further patches to allow that to happen.

For what it's worth, we can see that there are indeed
Postgres forks on the Common Criteria certified list.

 http://www.commoncriteriaportal.org/products_DB.html
    PostgreSQL Certified Version V8.1.5 for Linux
    Manufacturer            Assurance level    Certification date
    NTT DATA CORPORATION    EAL1               22-MAR-07
    Certification report
    c0089_ecvr.pdf
    http://www.commoncriteriaportal.org/files/epfiles/c0089_ecvr.pdf

though at EAL1 they're quite far from the EAL4+ that DB2,
Oracle, etc get.

That someone went through the effort suggests that there's at least
some interest in getting security certifications for postgres.

It'd be interesting to hear from whoever at NTT was involved with
that certification, if SEPostgreSQL would have either made that
process easier or helped postgres achieve a higher level.

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)