Re: Security extensions to Posix (what would have been Posix.1e/2

From: Jason Zions (jason_zionsat_private)
Date: Tue Jun 22 1999 - 15:24:38 PDT

    > Last year the IEEE
    > dropped the standard, because it was not clear when the
    > standards would ever be finished.
    
    A technically accurate statement, but woefully incomplete.
    
    IEEE-CS PASC, the committee which develops the POSIX family of standards,
    withdrew sponsorship of the 1003.1e and 1003.2c projects for a very simple
    reason: nothing had happened with respect to completion of those standards
    for a very long time. A more useful question to ask is "Why?" After all,
    quite a few other POSIX standards were completed between the time 1003.1e
    was originally sponsored (as 1003.6 more than ten years ago).
    
    1) Lack of consensus due to conflicting existing practice. In some areas
    covered by the specification, vendors of POSIX-conforming systems had wildly
    varying interfaces. Because they all had well-entrenched user bases, and
    since the customers using those interfaces were few and unwilling to spend
    much money, there was no good reason for a vendor to spend money to implement a new
    interface to the same underlying functionality. Too few customers, and a low
    probability that *all* of them would migrate to the new interface so the
    vendor could drop support for the old one.
    
    2) Lack of existing practice. Some interfaces included in the specification
    were, bluntly speaking, pure invention. Rather than base their work on
    existing practice, *anyone's* existing practice, the committee put together
    a theoretically good interface. The lack of existing practice is a strong
    statement that "no one cared"; if there were enough customers with enough
    money demanding solutions to those problems, some vendor would have gone
    after the solution.
    
    3) "Overcome by events." Some aspects of the POSIX security work were aimed
    directly at the US Government's TCSEC (Trusted Computer Security Evaluation
    Criteria) - the C2/B1/etc thing. The current state of the world shows the
    TCSEC fading in importance, with different criteria for the evaluation of
    the security of a system coming to the fore.
    
    
    > However, there are very interesting ideas described in
    > those documents and they provide a good starting point when
    > adding better security mechanisms to Unix.
    
    Perhaps. And perhaps they should be looked at very closely to see which
    remain good starting points and which should be consigned to oblivion. Don't
    get me wrong - I think the discretionary access control parts of 1003.1e are
    pretty good. Were the various participants in the work willing to split that
    part off from the rest of the document, that might have completed ballot
    years ago.
    
    > So I made an agreement with the IEEE, which
    > allows me to offer the unfinished standards works for public
    > downloading.
    > The address is http://www.guug.de/~winni/posix.1e/download.html
    > Please note, that re-distribution is not allowed.
    
    This is indeed good news.
    
    > The agreement was made possible by the help of Mary Shepherd
    > (IEEE) and
    > Casey Schaufler (SGI), the former technical editor of the
    > standard. I want
    > to thank both for their work and the IEEE for their generous gesture.
    
    Absolutely. This is more evidence that the IEEE continues to increase their
    awareness of the way POSIX standards are used in the real world and of their
    increasing willingness to make standards more available.
    
    Jason Zions
    Chair, PASC System Services Working Group
    (I am not speaking on behalf of any IEEE or PASC entity)
    


