*** fay_ has joined #trustable | 08:00 | |
*** ctbruce has joined #trustable | 08:05 | |
*** locallycompact has joined #trustable | 09:13 | |
jmacs | ChrisPolin: You mentioned that someone had already coded PCI into OpenControl - is it public? | 10:08 |
---|---|---|
ChrisPolin | It is indeed, however further inspection reveals that it doesn't contain any of the narrative text within the standard. | 10:09 |
ChrisPolin | https://github.com/opencontrol/PCI-DSS-Certifications | 10:09 |
ChrisPolin | Nope, disregard, it does contain the text. | 10:10 |
ChrisPolin | The NIST one doesn't. | 10:10 |
jmacs | A lot of the ones I've seen are just skeletons | 10:11 |
jmacs | This is weird; keys named 'Requirement 10' and '10.2.4' | 10:12 |
paulsher1ood | actually, maybe the skeleton approach is a way we could avoid the derivative work problem... | 10:17 |
paulsher1ood | maybe have description: be a precis of the actual standard, and argue fair use | 10:18 |
leeming | I'm assuming the paywall for standards isn't going to go away any time soon then? | 10:19 |
leeming | which is... slightly depressing and restrictive | 10:19 |
* paulsher1ood hasn't tried very hard to bring it down, yet | 10:19 | |
jmacs | I don't think "fair use" exists in our country | 10:40 |
leeming | Gerald Harris raises some interesting points on the mailing list, re mustard/requirements capture | 10:40 |
jmacs | Personally I hold copyright in high regard and am very reluctant to try and bend it, since it underpins all open source licences | 10:41 |
jmacs | I think Gerald is correct about Mustard; his proposed use is what I'd expected Mustard to be used for | 10:53 |
jmacs | I'll fire off a reply when I've formulated a calm argument about C++ | 10:53 |
jmacs | The closed nature of all standards is becoming a sticking point | 10:55 |
leeming | yes, annoyingly a lot of safety critical software is behind closed doors, standards and certs included | 10:58 |
ChrisPolin | It does pose a problem for open source trustable software. As I see it, you can only trust it as far as the paywall. | 10:59 |
leeming | very similar issue to academia though ChrisPolin ? at least there is a movement onto open publishing (forget the name) | 11:16 |
leeming | open access | 11:16 |
ChrisPolin | That's true. | 11:17 |
ChrisPolin | Open Access costs a fortune in itself though. | 11:17 |
ChrisPolin | But then, so do these standards, so the analogy holds | 11:18 |
leeming | yes, it is about who foots the bill | 11:51 |
rjek | Bubblewrap whoops http://www.openwall.com/lists/oss-security/2016/10/12/5 | 13:26 |
tiagogomes_ | That exploit is not fixed yet in master | 13:33 |
* leeming notices he has lost the freenode channel that he discusses bwrap in | 14:44 | |
* leeming assumes lars is aware | 14:45 | |
leeming | lars/alex | 14:45 |
*** fay_ has quit IRC | 15:46 | |
jmacs | Did we see https://www.open-scap.org/ yet? | 16:32 |
jmacs | I remember SCAP being mentioned in the webinar but hadn't seen that site | 16:35 |
jmacs | I wrote something about schema validation: https://gitlab.com/trustable/overview/wikis/validating-schemas-in-yaml | 16:53 |
jmacs | Not directly related to trustable software but it's been one of my main problems recently | 16:54 |
*** locallycompact has quit IRC | 17:26 | |
*** ctbruce has quit IRC | 20:55 | |
*** ctbruce has joined #trustable | 20:55 | |
*** leeming has quit IRC | 21:19 | |
*** leeming has joined #trustable | 21:23 | |
*** ctbruce has quit IRC | 21:31 |