7-Zip - approved for DoD use?


Streithorst, Kip

Nov 6, 2009, 11:23:02 AM
to mil...@googlegroups.com

Trying to use 7-Zip for one of my projects and was curious if anyone on the list was using it on DoD systems or knew if it was already approved for use somewhere else to help my cause.  Specifically, http://www.7-zip.org/

 

By the way, is there a good list of approved OSS software? I couldn’t find one.  I really hate having to ask here.  Are there plans to make one?  Should we (Mil-OSS) focus on that?

 

Thanks,

Kip



John Scott

Nov 6, 2009, 11:36:01 AM
to mil...@googlegroups.com
no list now, but this is one of the things we and DoD CIO have talked about (in fact we will add to our to-do list)

it's really needed, need more tech awareness in general around OSS, a number of projects/tools are in use but no living census
--
------------------------------------------------------------------
John Scott
< johnm...@mindspring.com >
<     jms...@gmail.com      >
ph 240.401.6574

Kit Plummer

Nov 6, 2009, 11:40:15 AM
to mil...@googlegroups.com
Perhaps a simple dashboard app that shows a project's link, parent,
DoD-recommendation rating, C&A level, and proprietary alternatives?

John Scott

Nov 6, 2009, 11:45:59 AM
to mil...@googlegroups.com
interesting kinda like what sunlight does, have an app/widget that could be put up on a webpage with C&A, etc. info.
Would need to create a data store

Kit Plummer

Nov 6, 2009, 11:49:54 AM
to mil...@googlegroups.com
Yep, that would be pretty interesting. Could have a web-front,
widget, and mobile app - to make the data easily accessible. I'd
imagine there's an administrative interface as well, for managing the
process. Could use a crowdsource-y interface for submissions.

Aaron Lippold

Nov 6, 2009, 12:37:23 PM
to mil...@googlegroups.com
Hi,

If it is in the RHEL tree then you should be good to go. It would be a supported COTS product under the RH EULA.

Aaron Lippod
AIM/YAHOO: aaronlippold

Aaron Lippold

Nov 6, 2009, 12:42:50 PM
to mil...@googlegroups.com
Could the easy start be the EULA supported OS? Like RHEL or Sun etc?

Aaron Lippod
lip...@gmail.com
AIM/YAHOO: aaronlippold

John Stanton

Nov 6, 2009, 8:35:02 PM
to mil...@googlegroups.com


A DoD approved OS Software list would fall within the need for DoD
  "Open Source Infrastructure (OSI)." Getting specific OSS components
   thru the/any DoD software security approval processes requires a
   $$$ investment in a new, supporting OS infrastructure process.

Reference recent DoD-CIO OSS guidance memo snip below intended
 to identify OSS barriers. 7-Zip has now encountered such a barrier.
 An OSS security approval infrastructure in the DoD does not exist, yet.

When I log onto my DoD network, there's a little pop-up warning me
 about going to federal prison if any DoD unapproved software is
 downloaded and then executed. That's kinda where it's all still at ...
 for now, anyway. Things will change here with OSS, I'm sure...

Like my Daddy used to say - "Boy! Government only has two speeds,
 slow and reverse. Folks go nuts trying
 to find that third speed. It ain't there."

We've made good OSS headway lately. We're in "slow" now, but
 we're not in reverse anymore, and that's good, eh?

Regards - John (Web 7.0 early adopter)


...
        I have asked the Director, Enterprise Services & Integration, to work with your
staffs and identify other barriers to the effective use of open source software within the
Department, so we can continue to increase the benefits from the use of OSS.
...




Subject: [mil-oss] 7-Zip - approved for DoD use?
Date: Fri, 6 Nov 2009 11:23:02 -0500
From: KSTR...@ball.com
To: mil...@googlegroups.com

Kyle Harrigan

Nov 10, 2009, 11:13:32 AM
to Military Open Source Software
Apologize if this is old material, but curious if anyone has gone this
route: http://www.navicasoft.com/pages/osmm.htm

I'm not sure if this is worth anything, but I recall reading this
guy's book awhile back and the ideas seemed sound and there was at
least some approach given to evaluating OSS solutions against some
criteria.

I think it might need to be extended to include DoD specific concerns,
but that's pretty straightforward.

For all I know something like this already exists, but the pessimist
in me says no.

Richard Bullington-McGuire

Nov 10, 2009, 2:32:32 PM
to mil...@googlegroups.com
There's been lots of study of how organizations evaluate open source software. These papers look relevant to the discussion, for starters:

An empirical study on selection of Open Source Software - Preliminary results

International Conference on Software Engineering archive
Proceedings of the 2009 ICSE Workshop on Emerging Trends in Free/Libre/Open Source Software Research and Development table of contents
Pages 42-47  
Year of Publication: 2009
ISBN:978-1-4244-3720-7
http://portal.acm.org/citation.cfm?id=1572201&dl=GUIDE&coll=GUIDE&CFID=60902224&CFTOKEN=47257466

Comparative assessment of open source software using easy accessible data
Polancic, G.   Horvat, R.V.   Rozman, T.  
Fac. of Electr. Eng. & Comput. Sci., Maribor Univ.;

This paper appears in: Information Technology Interfaces, 2004. 26th International Conference on
Publication Date: 10-10 June 2004
On page(s): 673-678 Vol.1
Location: Cavtat,
ISBN: 953-96769-9-1
INSPEC Accession Number: 8303227
Digital Object Identifier: 10.1109/ITI.2004.242703
Current Version Published: 2005-01-10
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1372499
--
Richard Bullington-McGuire | Director of Technology | Three Pillar Software, Inc.
mobile: 571.236.0938 | fax: 703-564-5595 | PGP key ID:  0xDAC3028E
richard.bulli...@threepillarsoftware.com | www.threepillarsoftware.com

Wheeler, David A

Nov 10, 2009, 3:46:54 PM
to mil...@googlegroups.com

I describe a simple evaluation process for Free/Libre/Open Source Software (FLOSS) here:

 http://www.dwheeler.com/oss_fs_eval.html

 

From there, I link to a number of *other* evaluation processes for FLOSS.

 

However, most evaluation processes try to determine “is this particular program suitable for specific use X”?

A “generally recognized as safe/mature” (GRAS/GRAM) list obviously can’t do that, since it doesn’t have the information on the specific use.  Thus, I’d expect a GRAS/GRAM list to have a slightly different process than one for selecting a product for a specific use… but I’d also expect that a GRAS/GRAM list would reuse relevant pieces of specific-use evaluation processes.

 

I think it’d be best to identify a set of criteria for getting on a GRAS/GRAM list.  These criteria should be clear, easily-justified (“why is THAT important”) and relatively-easily-verified (“did it MEET the criteria?”).  And there should be enough criteria that it would filter out clearly inappropriate components, making the list worth *using*.

 

--- David A. Wheeler

AndySocial

Nov 10, 2009, 6:58:06 PM
to Military Open Source Software
I'm not sure of the provenance (I'm not the sysad, just a user on the
system) but one of the high side systems I work on has both 7-zip and
Notepad++ installed. The sysad is a very careful man, and the system
is accredited through NSA, so at least THEY are okay with 7-zip.
Naturally, this means nothing on a system accredited through any other
agency. The USAF-accredited systems don't allow 7-zip or Notepad++,
for instance. This lack of a centralized repository is a bit
frustrating.

On Nov 6, 11:23 am, "Streithorst, Kip" <KSTRE...@ball.com> wrote:
> Trying to use 7-Zip for one of my projects and was curious if anyone on
> the list was using it on DoD systems or knew if it was already approved
> for use somewhere else to help my cause.  Specifically, http://www.7-zip.org/

John Stanton

Nov 10, 2009, 9:15:02 PM
to mil...@googlegroups.com

Here's one non-metric-based(1) OSS evaluation cribsheet
 I put together. Kind of a bronze age thingy. Open for
 suggested additions.

1 Leadership & culture
2 Vitality of community
3 Quality of end-user support
4 Extent & scope of documentation
5 Quality of packaging
6 Market momentum
7 Quality of code & design
8 Quality of product architecture
9 Testing practices
10 Integration with other products
11 Support for standards - Measurable commitment
12 Quality of project site
13 License type
14 Age
15 Multiple supported platforms
16 Sustained popularity
17 Measurable design quality
18 Setup costs
19 Usage costs
20 End-user support costs
21 Modularity
22 Collaboration with other OSS products
23 Developer support and defect density

"There are only three kinds of people in this world.
  Those good with numbers and those who aren't."

John Stanton

Nov 10, 2009, 9:28:41 PM
to mil...@googlegroups.com

The magnificent "DoDOSS break-out" could easily get
 besmirchified; visibly and broadly discounting OSS
 so as to serve the OSS-naysayers should this list get
 "tagged" as containing classified DoD system specifics.

OSS still remains broadly suspicious, let's not give 'em
 a solid excuse reason to act out their OSS fears and
 set back the great work that has been accomplished
 to-date by the brave and heroic, Respectfully - John

John Stanton

Nov 10, 2009, 9:40:49 PM
to mil...@googlegroups.com


The magnificent "DoD-OSS break-out" could easily get
 besmirchified, visibly and broadly discounting OSS,
 so as to serve the OSS-naysayers, should this list get
 "tagged" as containing classified DoD system specifics.

OSS in DoD remains broadly suspicious. Let's not give
 a usable excuse - a reason to act out their OSS fears to
 set back the great work that has now been accomplished
 by the few brave and heroic that got us here,

Respectfully - John

John Stanton

Nov 10, 2009, 11:55:58 PM
to mil...@googlegroups.com

1) Most thick slugs of paper I've seen containing the
   analysis, guidance and approval for running a piece
   of software are often about one inch thick (+/-).

2) A few years ago, SourceForge.com had about 68,000
   downloadable OSS product. Additional Forge-like
   site and a few years later, I'm putting the number
   at 3-400,000 now. Soon, we'll see 500,000, so shucks,
   let's go with 500,000 downloadable OSS products,
   pieces, components, structures, call them many
   things and that's just fine.

3) Assuming a mere two percent (2%) of downloadable
   OSS byte-bounty makes DoD "evaluation-cut," and
   it meets mission requirements, etc., yadda, yadda,
   results in 10,000 candidate DoD-OSS cyber-snacks.

4) 10,000 candidate DoD-OSS at one inch per DoD security
   package = 278 yards, or 0.16 miles of paper.

   Assuming 200 sheets of paper per package x 10,000
   candidate OSS = 2,000,000 sheets of paper x 11 inches
   paper length = 22,000,000 length inches of paper, or
   347 miles, if laid end-to-end. But wait ... are we done?

5) NOOOOOOOOOOOOO! Look at studies & deliverables
   paid for in government. When it's all said and done,
   they're about $100,000 an inch, and that's modest,
   the total kinda looks like - ONE BILLION DOLLARS,
   or 10,000 x $100,000 an inch, the going pulp rate.

6) Now, this is where, quite often, "the problem" can get
   scaled-back; dumbed-down; or flat-out denied. Sometimes
   it's about neutering the problem to fit into inadequate tools,
   or ... recalculating the problem to fit a budget or align
   within smaller human brain domains of understandings.
   Avoid the - "If we don't like answer, scale-down original
   problem to fit within some Rinky Dink domain" technique.
   This is an 'ole reliable - a classically styled, tool of denial.
   (I trust this will not happen with DoD-OSS.)

7) O.K. THEN! Let's assume either the math was flawed; this
   is ALL NUTS, and then compensate (correct) the whole mojo;
   and "dumb-down" the problem so all of the children of the
   world might wrap brain upon it - CUT ONE BILLION BY 90% =
   $100,000,000 or ONE HUNDRED MILLION DOLLARS,
   just for the Starter G.I. Joe Combat Net-Centric OSS Kit, w/
   extra action figures - OR - the first 50 yard portion of
   paving the Yellow Brick Road leading to Emerald OSS
   City - serious, real, usable, basic DoD-OSS no-smoke,
   no joke DoD-OSS infrastructure ... we can actually use.

It just got kinda "unsimple" there for a moment, eh?

OSS! I didn't do it - John

Kit Plummer

Nov 11, 2009, 12:10:21 AM
to mil...@googlegroups.com
Not sure what you're using for an email client, but here's the end result:

John Stanton

Nov 11, 2009, 12:14:52 AM
to mil...@googlegroups.com

Thanks Kit!

This has GOT to be the ghost of Goggle in GoggleGroups, not ME!!!! <grin>

I'll sort out the mess I sent and resend it in the future...

Kit Plummer

Nov 11, 2009, 12:18:17 AM
to mil...@googlegroups.com
Perhaps it is your Hotmail account (which is more suspect than the Google Group, or your security concern.)