Re: 8.4 release planning

From: Sam Mason <sam(at)samason(dot)me(dot)uk>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: 8.4 release planning
Date: 2009-01-27 14:48:21
Message-ID: 20090127144821.GE3008@frubble.xen.chris-lamb.co.uk
Lists: pgsql-hackers

On Tue, Jan 27, 2009 at 06:20:41AM -0800, Ron Mayer wrote:
> For what it's worth, we can see that there are indeed
> Postgres forks on the Common Criteria certified list.
>
> http://www.commoncriteriaportal.org/products_DB.html
> PostgreSQL Certified Version V8.1.5 for Linux
> Manufacturer Assurance level Certification date
> NTT DATA CORPORATION EAL1 22-MAR-07
> Certification report
> c0089_ecvr.pdf
> http://www.commoncriteriaportal.org/files/epfiles/c0089_ecvr.pdf
>
> though at EAL1 they're quite far from the EAL4+ that DB2,
> Oracle, etc get.

As far as I understand, the different levels are about assuring a
set of code/features to some assurance level. The Wikipedia page[1]
gives a reasonable overview of the levels, but basically EAL1 says
that a limited amount of effort (in practical terms, several person
months/years of time for something like PG) was put in, EAL4 is the
highest level before things start getting formal (i.e. you actually have
to start doing some mathematical proofs about the design) and EAL7 has
barely started, but says that the design is formally verified but the
code isn't (as far as I understand). Research groups are suggesting
that there should also be levels above EAL7 as we are *starting* to know
how to verify code well enough that the code, as well as the design, can
now be formally verified (e.g. [2]).

Equally important as the assurance level is the actual feature set
(there are technical names for this that I know very little about) that
was actually tested for. For example, it would be comparatively easy
to get PG certified saying that it loads and could be killed, but much
harder to get it certified as complying with the complete SQL spec.

--
Sam http://samason.me.uk/

[1] http://en.wikipedia.org/wiki/Evaluation_Assurance_Level
[2] http://ertos.nicta.com.au/research/l4.verified/
