From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 109fba,df854b5838c3e14
X-Google-Attributes: gid109fba,public
X-Google-Thread: 1014db,df854b5838c3e14
X-Google-Attributes: gid1014db,public
X-Google-Thread: 10db24,fec75f150a0d78f5
X-Google-Attributes: gid10db24,public
X-Google-Thread: 103376,df854b5838c3e14
X-Google-Attributes: gid103376,public
From: karish@pangea.Stanford.EDU (Chuck Karish)
Subject: Re: POSIX/Unix conformance (was: ANSI C and POSIX ...)
Date: 1996/04/12
Message-ID: <4kkco2$i8m@nntp.Stanford.EDU>#1/1
X-Deja-AN: 147023855
references: <JSA.96Feb16135027@organon.com> <dewar.828987795@schonberg>
 <4kcf2q$mll@solutions.solon.com>
 <emery-0804961940190001@line297.nwm.mindlink.net>
organization: Mindcraft, Inc.
newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu
Date: 1996-04-12T00:00:00+00:00
List-Id: <comp.lang.ada>

In article <emery-0804961940190001@line297.nwm.mindlink.net>,
David Emery <emery@grebyn.com> wrote:

>U.S. NIST has developed a set of validation procedures based on commercial
>testing.  A POSIX validation tester submits his test suite to NIST, and NIST
>'validates' this suite against the test assertions.  The test suite itself
>remains the property of the testing organization.  The goal of the NIST
>'validation' is to certify the testing organization as acceptable to issue
>NIST FIPS conformance certificates for the implementation.  NIST maintains a
>list of conforming POSIX/FIPS 151-2 implementations.  

This isn't exactly how the NIST POSIX.1 (FIPS 151-2) certification
program works.  This program uses a test suite that was developed by
NIST and which is available to system vendors for a reasonable price
($4500).  Testing is done by third-party laboratories (including
my employer, Mindcraft, Inc.), not by NIST.

The situation is different for NIST C (FIPS 160) testing, which is
done by NIST using a privately-owned test suite.

>This differs from Ada testing in a critical way:  For Ada validation, the
>test suite iteself is freely available.  It is (relatively) easy to verify
>that an Ada validation (ACVC) test matches the standard, and there is a 
>single test suite for all validations.  For POSIX testing, each tester has
>his own test suite, and we have to trust NIST and the testing vendor that
>the vendor's test actually tests POSIX compliance.  

Again, anyone can buy NIST's FIPS 151-2 test suite and read the
source.  They are good about fixing it when customers point out
errors.
--

    Chuck Karish          karish@mindcraft.com
    (415) 323-9000 x117   karish@pangea.stanford.edu