Linked by Thom Holwerda on Fri 29th Jun 2007 13:06 UTC, submitted by irbis
Red Hat "Red Hat and IBM recently announced that Red Hat Enterprise Linux 5 has earned the highest level of security certification achievable by commercial off-the-shelf operating systems. The certification is applicable when RHEL5 is running on IBM hardware, but all of the software is freely available, which may reduce the worries of customers regardless of which hardware they are considering running Linux on. The Fedora and CentOS distributions will immediately benefit, because they use the same software and SELinux policies, but other distributions can use the information as well."
Permalink for comment 251690
To read all comments associated with this story, please click here.
RE[3]: The article is wrong...
by tsedlmeyer on Fri 29th Jun 2007 17:48 UTC in reply to "RE[2]: The article is wrong..."
tsedlmeyer
Member since:
2005-07-07

this is a serious shortcoming and could possibly hamper implementation in some environments.


I think the circumstances where it could hamper deployment are going to be extremely rare. This would mostly have an impact in situations where RHEL5 was going to be deployed as a workstation. RHEL 5 is almost exclusively going to be considered for deployment as a server in these environments which means the GUI is pointless.

Let's also face the reality that for the most part certification is just a check mark during the purchasing phase. The product has to be certified to be purchased for the particular project. After that there is usually no effort to deploy the software in a manner consistent with the posture used during certification. Hopefully compliance with the relevant STIGs will occur. I'm not saying this is right or this is how it is everywhere, but it is certainly what I have generally seen.

Reply Parent Score: 1