On Mon, Apr 19, 2021 at 3:15 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Mon, Apr 19, 2021 at 3:43 PM Ted Toth <txtoth@xxxxxxxxx> wrote: > > > > Having read: > > https://www.redhat.com/en/about/press-releases/red-hat-adds-common-criteria-certification-red-hat-enterprise-linux-8 > > and seen no mention of SELinux I/we are wondering what others are thinking/doing about the lack of certification? Are we going to have to take this on ourselves and if so what would be a good starting point (LSPP)? > > As a reminder, the SELinux developers list is an upstream list for the > discussion and development of SELinux; it is not a distro specific > list. While the general topic of security certifications such as > Common Criteria can be on-topic for this list, distro specific > security certifications are likely best discussed with the individual > distro/vendor. The reference to RH was just an example of the lack of SELinux CC and not meant to be a question specifically about RH my apologies. > > Last I checked, a CC eval of a general purpose Linux distro was a > rather expensive undertaking, I doubt that any of the volunteer based, > non "enterprise" distros would be able to go through such a > certification without some form of sponsorship or corporate backing. > > -- > paul moore > www.paul-moore.com
