Re: Question for DPL Candidates: Debian $$$

On Wed, Mar 25, 2009 at 01:15:02PM +0000, Mark Brown wrote:
> On Tue, Mar 24, 2009 at 01:58:02PM +0000, MJ Ray wrote:
> > Use of Debian seems to be limited because it isn't on any approved
> > lists and charities can't get funding for an independent evaluation at
> > the moment.  Would you support using donations to fund one or both of
> > those?
> This is also an issue in some other industries for things like the PCI
> DSS (http://en.wikipedia.org/wiki/PCI_DSS), FWIW.

Taken with a grain of salt, but I can't recall any part of the PCI
DSS which Debian doesn't comply with at least as well as Redhat does.

Which is to say, on the server or desktop side PCI does not require
certification or independent evaluation of the OS or applications, just
that given practices be followed. (Some of them are a bit, odd, or
downright insane, but.)

Now, the issues with stuff embedded into credit card terminals or ATMs
gets a lot nastier.  Most of that goes into the hardware side, but I
have not had to go through a PCI audit on those, so I'm not sure what
all is involved.

Zephaniah E. Hull.

