Re: Question for DPL Candidates: Debian $$$

To: debian-vote@lists.debian.org
Subject: Re: Question for DPL Candidates: Debian $$$
From: Mark Brown <broonie@sirena.org.uk>
Date: Thu, 26 Mar 2009 11:26:53 +0000
Message-id: <[🔎] 20090326112653.GA3771@sirena.org.uk>
Mail-followup-to: debian-vote@lists.debian.org
In-reply-to: <[🔎] 20090326062821.GD5662@aehallh.com>
References: <[🔎] 20090318212429.GA6820@nahmias.net> <[🔎] 20090321021406.GS3938@einval.com> <[🔎] 49c783da.iPhtaLBgm6ctE8nR%mjr@phonecoop.coop> <[🔎] 20090323134827.GB16758@usha.takhisis.invalid> <[🔎] 49c8e6ea.UKnPGvVH9W5HEN9p%mjr@phonecoop.coop> <[🔎] 20090325131501.GF20936@sirena.org.uk> <[🔎] 20090326062821.GD5662@aehallh.com>

On Thu, Mar 26, 2009 at 02:28:21AM -0400, Zephaniah E. Hull wrote:
> On Wed, Mar 25, 2009 at 01:15:02PM +0000, Mark Brown wrote:

> > This is also an issue in some other industries for things like the PCI
> > DSS (http://en.wikipedia.org/wiki/PCI_DSS), FWIW.

> Taken with a grain of salt, but I can't recall any part of the PCI
> DSS which Debian doesn't comply with at least as well as Redhat does.

The issue is not if we comply, it's if we've got certification saying
that we comply - the people who care about this stuff need to have the
certification.

> Which is to say, on the server or desktop side PCI does not require
> certification or independent evalutaion of the OS or applications, just
> that given practices be followed. (Some of them are a bit, odd, or
> downright insane, but.)

> Now, the issues with stuff embedded into credit card terminals or ATMs
> gets a lot nastier.  Most of that goes into the hardware side, but I
> have not had to go through a PCI audit on those, so I'm not sure what
> all is involved.

My understanding is that it's an issue on the server side as well if
you're pushing the interesting data through there.  I also understand
that some of it is things like verifying that relevant security updates
have been applied which is a best practice sort of thing but is
something that people can do in a canned way with some OS knowledge.

Reply to:

Follow-Ups:
- Re: Question for DPL Candidates: Debian $$$
  - From: "Zephaniah E. Hull" <warp@aehallh.com>

References:
- Question for DPL Candidates: Debian $$$
  - From: joe@nahmias.net (Joseph Nahmias)
- Re: Question for DPL Candidates: Debian $$$
  - From: Steve McIntyre <steve@einval.com>
- Re: Question for DPL Candidates: Debian $$$
  - From: MJ Ray <mjr@phonecoop.coop>
- Re: Question for DPL Candidates: Debian $$$
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: Question for DPL Candidates: Debian $$$
  - From: MJ Ray <mjr@phonecoop.coop>
- Re: Question for DPL Candidates: Debian $$$
  - From: Mark Brown <broonie@sirena.org.uk>
- Re: Question for DPL Candidates: Debian $$$
  - From: "Zephaniah E. Hull" <warp@aehallh.com>

Prev by Date: Re: Amendment: automatic expiry-on-failure, to Proposal: Enhance requirements for General resolutions
Next by Date: Re: [Amendment] Reaffirm current requirements for GR sponsoring
Previous by thread: Re: Question for DPL Candidates: Debian $$$
Next by thread: Re: Question for DPL Candidates: Debian $$$
Index(es):
- Date
- Thread