[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Kicking off a discussion of building a Linux/GNU certification framework

Moving a set of private correspondence into the public arena
(no footnotes -- but issues are spotted in [square brackets])

[A]  I have been working through the NIST FIPS 151-2 test suite,
having a little 'off-list' discussion with Ian Nandhra and Stuart

The discussion centered on:

> >I've spent time over the last week with the NIST posix-1 test
> >distribution, and built 'helper' scripts to automate the testing
> >process

(By way of background on the participants, , Ian sheparded
POSIX Linux certification through a couple of years back, and as I 
understand it, Stuart worked through the TOG VSX suite for NCR in
past.  Me, I do this for fun and profit, and have been hacking
since Lyndon Johnson was pulling the ears on beagles).

There's a lot of topics here -- let's have at it.

The correspondence, reposted with consent

(Ian <Ian@NC-Labs.com> had responded to my 'musing' on the state
of building a driving wrapper for the NIST FIPS 151-2 [Posix-1]
test suite.  Repsonding, I said:

Thanks for the reply -- I appreciated your reply, and your
questions and observations answered inline ... I may rework this,
and 'stake out a position' with a Slashdot editorial submission

>Ian Nandhra wrote:

> This is Good News indeed!  There have been a great many people 
> actually investigating the Standardisation of Linux and I am sure 
> that everyone will
> welcome your contribution.  Regarding the list - yes, I think that 
> it would help.

... It appears that there is a list on this topic already hosted
at Debian -- 

>            Re: FIPS 151-2 certification of Linux
>            FROM: Stuart Anderson <anderson@metrolink.com>
>            TO: R P Herrold <herrold@usa.net>

>         There are several lists that are part of the LSB. You can find
> info on them at www.linuxbase.org.

... rather than reinvent the wheel, I have subscribed to a testing
suite sub-list, and will watch its traffic, and probably

> I would *STRONGLY* encourage you to use the tests from The Open Group.
> They are more up-to-date and also contain the VSX tests which form *part* 
> of UNIX95 Branding (the ultimate goal).


... I'm a sport -- and was approaching the problem from the bottom
up -- but a top-down design, gathering _all_ the generally
tests may be more appropiate. [Each concept based in the IBM HIPO 
methodology in the early '70s.]

... I had understood that there was a set of licensing, (NDA <?>),
licensing fees in The Open Group's process, but that information
was secondhand -- I'll expand my research, -- the website and
materials seem to be compiled at:  http://www.opengroup.org/

-- and in checking out "How to Join", right off the top, I am
offered three membership levels, without pricetags shown -- they 
must be expensive <grin>.

--- and a 220K PDF document describes how to use their trademark
of the term "Unix".

... This seems contrary to the spirit of GPL, and Free Source/Open


also, the nice thing about standards is that there are so many of
them -- from:

                                   UNIX® System API tables - these
                                   tables show the standards
                                   for all the interfaces in the
                                   specification with respect to
                                   98, UNIX 95, ISO POSIX-1, ISO
                                   POSIX-2, the ISO C standard,
                                   and BSD4.3 . 

> I was uncertain as to if Stuart's Slashdot editorial was advocating
> Standards conformance, a Linux proprietary standard based around UNIX95
> or what.

... One of the nice things of the "Bazaar" approach to development
is that 'each of us may tend in our own fields, and none may make
us afraid ...' - with apologies to RMS and ESR, among others.


> It did manoever around the various policital problems with the
> project!  

... Politics is life -- I have some essays on the topic,
intermixing Libertarianism, my personal religious beliefs, and
principles of Scouting -- they all seem to run together ... but
your remark is well taken -- some of the participants need to take
a deep breath, and think about their 'First Principles' before
posting, to keep the temperature down.


> There is great deal of pressure and temptation to change the
> POSIX tests to suit current behaviour and Stuart does not mention 
> changing the (sometimes **VERY** broken) Commands and Utilities 
> that also covered by UNIX95.

(from Ian's editorial)
> >      Linux was certified against FIPS 151-2 in 1996 and these
> >      Certification tests (and others) are being re-run to see how far
> >      Linux has drifted from this original certification (anyone
> >      interested should drop me [Ian] an email).

... Again -- by working from the bottom up, identifying
non-conformances, and feeding them back to the responsible
maintainer, ultimately we will have brushed out the cobwebs and
removed the "Drift" from the standard in a responsible manner.

The mentioned temptation to vary from the standard, no matter the
good intention behind it, is always present -- I do not endorse

One of the nice things about the Bazaar development model is that
competing packages will compete, and either move (advance) the
standard, or themself _de facto_ be, and thereafter become the
standard.  I am thinking of GCC, Altman's sendmail, Vixie's named,
Crispin's UW imap, ESR's fetchmail, {ssh(v.1) -- but moving from
its OS roots}, {Linux v. HURD} (speaking softly on the {} items,
to try to avoid calling down the
flames ... <grin>).  The list may be arbitrarily extended, and the
examples chosen were the first to pop to mind...


> >From what I can see, it seems that LI/LSB is going for the libraries,
> kernel and other issues that affect the Vendors in LI. This is a Good
> Thing.  It also seems that the LSA and others are going after UNIX95
> which is also a Good Thing. Either way, we need other groups and 
> individuals to re-run the tests and independantly verify their success. 

... My thought -- and indeed, by working through the packaging of
a self-installing test suite for (first) the FIPS 151-2 [POSIX-1]
test suite, and others as appropiate, we allow for any user to
evaluate the 'goodness' of a given vendor's or packager's
implementation -- there is no hiding from an ERROR or WARNING

> We also need (in the instance of NIST/VSX) a Self Certification 
> kit for use by customers and
> users wanting to check to see if an updated has broken Linux. I would
> submit that this work is vital to both the sucess of
> the Standardisation effort and also to Linux. A Single Linux is 
> in everyones interest.

... Ultimately, something like the LSB will probably need to 'pay
the dane geld' to become an 'official' certification entity, to
those standards entities which 'really matter' -- or BETTER -- by
pushing compliance with a given set of test suites, the good will
drive the inferior out of the market -- a reverse Gresham's law,
if you will ...

> Well,
> almost; everyone except those producing Commercial Distributions!

... Even there, I think -- while monopolistic market dominance
seems a compelling model, consider:

    closed Apple OS's       v. open Linux
    closed IBM MicroChannel v. open ISA/VESA/PCI
    closed Microsoft WinAPI v. open X/Motif/TK/TCL
    closed IBM REXX         v. open PERL

   There is room in the market for those who will sell quality and
stability, those who will support it, and those who will extend

> BTW: Do you have a more permenant address other than usa.net?

... Actually, I have several, but with fetchmail gathering my mail
from all over, I prefer that, or:


And Ian had remarked that, as he saw it, the only sustained
economic source
which Open Source/Free Software will produce, is in the Support

Consider this encouragement to consider the economics of whom the
beneficiary of the testing work will be:

(By Ian)
At 04:58 PM 8/31/98 -0400, Russ wrote:

>Ian -- I had spoken after our call this AM with Stuart, as well,
>and have his consent to toss my mail to you of 10:30 this morning
>into lsb-test@lists.debian.org ...

>Obviously, this affects you as well, and I thought that I would
>extend the remarks encouraging a thread on "" the ultimate
>economics of "the Bazaar' -- is it just support work ?  ""

This would be interesting to watch, although the LSB list seems to
"the converted".  
               IBM's (I think) comment that "Linux is used where
isn't spent" and the high level of sceptism by the Distribution
(who are alarmed by the way that the price of Linux software falls
the floor - 1.95 for *two* CD's etc) makes me think that 

                                          we need folk
outside of the religiously inclined to enter the debate. This way
we get
some *different* views. Just 10c worth.  

                                   Either way, I'd be interested
the outcome of the debate.


So, let's have at it ...

 .-- -... ---.. ... -.- -.--
Copyright (C) 1998 R P Herrold
      herrold@usa.net  NIC: RPH5 (US)
   My words are not deathless prose, 
      but they are mine.

   Owl River Company  614 - 221 - 0695
   "The World is Open to Linux (tm)"
   ... Open Source LINUX solutions ...
         Columbus, OH

Reply to: