Proposed resolutions are in the comment header block. Updated 8 January 2004 _____________________________________________________________________________ COMMENT Enhancement Request Number 1 douglas.johnson Bug in COE_Certpolicy-1.1L 1.3 (rdvk# 2) {sun-01} Fri, 2 Jan 2004 20:10:10 GMT _____________________________________________________________________________ Accept_____ Accept as marked below_X___ Duplicate_____ Reject_____ Rationale for rejected or partial changes: Change "Indicators of Conformance" to "Indicators of Compliance" to match the Product Standards Add new definitions: "Indicators of Compliance Defined in the Product Standard these identify one or more designated test suites or test procedures that must be used during conformance testing to demonstrate conformance to the Product Standard. No test suite can ever ensure conformance; the test suites are therefore known as Indicators of Compliance. Test Campaign The Test Campaign is the set of test suites or test procedures that must be completed to demonstrate conformance to a Product Standard. The Test Campaign for an initial certification is based on the set of Indicators of Conformance defined for all the applicable Product Standards. In cases other than initial certification, the CA will define a Test Campaign, which may be full, partial, or not required depending on the circumstances and level of certification; for example, product updates and renewals." _____________________________________________________________________________ Page: 4 Line: 120 Section: 1.3 Problem: Suggest addition of two definitions to the table: - Test Campaign - Indicator of Conformance Action: Add concise definitions for the two items noted. These terms are of equal or greater importance to other terms included in the otherwise excellent table of definitions. _____________________________________________________________________________ COMMENT Enhancement Request Number 2 bmark Bug in COE_Certpolicy-1.1L 1.1 (rdvk# 5) {IBM-001-03} Fri, 19 Dec 2003 21:09:32 GMT _____________________________________________________________________________ Accept_____ Accept as marked below_X___ Duplicate_____ Reject_____ Rationale for rejected or partial changes: Add Footnote containing reference: Common Operating Environment (COE), Cross Application Platform Compliance Criteria, Version 2003, CM Reference: D12282. http://www.disa.mil/ges/coe_kpc/crossplatformcompliancecriteria.doc As a related action investigate if a copy can be taken of the document for the COE Platform certification document repository. _____________________________________________________________________________ Page: 5 Line: 92 Section: 1.1 Problem: Where does this document exist? Needs a reference. Action: Add reference in front or back of document, where this document can be found. _____________________________________________________________________________ OBJECTION Enhancement Request Number 3 bmark Bug in COE_Certpolicy-1.1L 9.1 (rdvk# 3) {IBM-003-03} Fri, 19 Dec 2003 21:35:11 GMT _____________________________________________________________________________ Accept_____ Accept as marked below_X___ Duplicate_____ Reject_____ Rationale for rejected or partial changes: Note, problem reports are sanitized (as per Section 9.4 of th policy) so not identifiable unless applicants put identifiable information in the public parts. Secondly the problem report database is only available to those in the program under password protection. In this case problems with the GSKS code should just been seen as equivalent to problems with a test suite and not a reflection on any implementation. Change 1st sentence in section 9.4 from "The CA will maintain a web-based repository of all submitted Problem Reports." to "The CA will maintain a password-protected web-based repository of all submitted Problem Reports." _____________________________________________________________________________ Page: 20 Line: 436 Section: 9.1 Problem: The Gov't supplied code is full of places that require changes. This is due to it being hard-coded to support one particular distribution of Linux. This puts purveyors of the other Linux distributions in a bad light, given that there will be a _large_ number of "Problem Reports" for any distribution other than the "default" one. Action: Either Problem Reports are not public; or Do not enable this certification program until the Gov't supplied code is truly portable on Linux. _____________________________________________________________________________ OBJECTION Enhancement Request Number 4 bmark Bug in COE_Certpolicy-1.1L 9.1 (rdvk# 4) {IBM-002-03} Fri, 19 Dec 2003 21:32:20 GMT _____________________________________________________________________________ Accept_____ Accept as marked below_X___ Duplicate_____ Reject_____ Rationale for rejected or partial changes: Note that the problem exists also in the COE Platform Policy prior to this version. The intent is to handle it in the same way as test suite problems. Add bullet: + Errors in the Government Supplied Kernel Software (GSKS) code, typically portability problems. _____________________________________________________________________________ Page: 20 Line: 436 Section: 9.1 Problem: The Gov't supplied code is full of places that require changes. This is due to it being hard-coded to support one particular distribution of Linux. There is no provision for a Problem Report being placed against the Gov't supplied code itself. (BTW: The "COE Linux Platform Government-Supplied Kernel Source Product Standard" page 3 line 50, expects this to be possible). Action: Add code porting issues as a reason for a Problem Report _____________________________________________________________________________ COMMENT Enhancement Request Number 5 douglas.johnson Bug in COE_Certpolicy-1.1L 9.1 (rdvk# 1) {sun-02} Fri, 2 Jan 2004 20:16:35 GMT _____________________________________________________________________________ Accept_____ Accept as marked below_X___ Duplicate_____ Reject_____ Rationale for rejected or partial changes: Add note in parentheses See Section 10 of Part A Standards of Quality of The Open Brand TMLA for information on minor errors. _____________________________________________________________________________ Page: 20 Line: 443 Section: 9.1 Problem: Suggest clarification of what constitutes a "minor error in the implementation", and whether this is referring to errors in the GSKS or the applicants software. Action: Clarify the definition of a "minor error", and whether this is in the GSKS code or applicants code. Perhaps examples of minor errors would help.