Re: [Fed-Talk] Air Force Portal Access
Re: [Fed-Talk] Air Force Portal Access
- Subject: Re: [Fed-Talk] Air Force Portal Access
- From: Michael Kluskens <email@hidden>
- Date: Tue, 28 Apr 2009 09:58:12 -0400
On Apr 28, 2009, at 1:55:36 AM, Rafael Burgos wrote:
I appreciate your time and info, but I got to say that it seems
enough people have beta-tested and bug-reported Leopard over the
last 2 years with regards to its implementation of smart card support.
It appears the vast majority of the bug reporting of CAC problems was
after the public releases. If Apple had more seed testers with DoD
CAC cards and the time to test we should not have seen public releases
of 10.5.x with the problems we saw, especially 10.5.3.
Considering the regression in smart card usability going from Tiger
to Leopard,
Part of that usability was an insecure design (CVE-2008-1580). Now
Apple at some level made a design decision with regards to optional
certificates which is just short of unworkable with DoD web sites,
perhaps it makes sense for some other more customer oriented type of
site, commerce and banking sites?
I personally don't hold high hopes that Snow Leopard will be
anything better than Leopard with regards to this issue. An ADC
membership is too high of a premium for some just to get things to
work as advertised.
An ADC membership is free <http://developer.apple.com/products/mac/program/
>. However, the free ADC online membership does not automatically
get you access to Snow Leopard or any other seed program.
Only paid Select and Premier ADC membership gets you access to the
seeding programs immediately.
The problem I see is that not many DoD CAC card holders have paid ADC
memberships and the time to seed test (my guess is roughly 8 to 16
hours per week based on the time to prepare and submit bug reports for
released projects and expected increase in bug reports of betas versus
released products). Remember that most of the computer support people
at DoD labs are contractors without CAC cards and in any case they
don't get paid to beta test non-government software usually. So you
have three barriers to getting DoD CAC cards working well in OS X
besides the fact that certain functionally is not within the design
goals of OS X and left to third-party products. There is always a
balance between adding functions to an OS and not taking away the
market of third-party developers.
However, if you get a free ADC online membership and submit good bug
reports <https://bugreport.apple.com/> for released products you have
a chance of getting invited into a seed program; however, it is a
different seed program then the developers get into. But that is not
to say it is any better or worse then the paid access, just it's
separate program and it appears that that program has one active
tester who is also a CAC card holder.
In fact unless you develop the skills and make the time to submit bug
reports to <https://bugreport.apple.com/> using a free ADC account I
don't see any point in thinking you would do any better in the
Appleseed program (odds are you should be submitting at least ten
times as many bug reports in the Appleseed program as you would with
released programs).
Michael Kluskens
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden