On 11/06/2012 03:07 AM, An Yang wrote: > Hi all, > > Redhat announced that RHEL6 got EAL4+ certification at last week, and > Redhat released cc-eal4-config-rhel62-0.33-1.noarch.rpm in RHEL6's repo, > I think CentOS6.2 should got the same EAL4+ security level. > Is that possible to add this package in CentOS6's repo? > > Bests, > An Yang Reproducing the bits is not reproducing the certification ... becoming EAL4+ certified is a hugely expensive proposition. This is what EAL is: http://en.wikipedia.org/wiki/Evaluation_Assurance_Level As you can see, this certification process for EAL4+ is a 2 year, $350,000.00 dollar process. To the best of my knowledge, RHEL and SLES are the only EAL certified Linux distros out there ... and that does not include their Fedora or OpenSUSE variants. My research shows that Debian and Ubuntu (as examples) are not EAL certified either. Not only that, there is RHEL specific documentation about the EAL4+ certification process in that SRPM. If we replace all the RHEL specific language in said documentation, we would be claiming CentOS has EAL4+ certification, which it does not. We can not publish something that claims EAL4+ certification (or even EAL testing) for CentOS. That SRPM is easy enough to compile, so people can compile it if they want ... but if someone is in the least bit interested in EAL4+ certification for a machine because they actually need that certification, then they need to buy a RHEL subscription. Red Hat charges money for their products specifically so that they can perform expensive certifications like this and provide that certification to their subscribers. That is my take. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20121106/abc7b353/attachment-0007.sig>