[cgl_discussion] CGL RD 2.0 doc review

John Mehaffey mehaf at mvista.com
Mon Dec 1 14:51:40 PST 2003 

OK, I have completed most of my study of the 2.0 CGL RD (Version
2.0, Ratified Publication Version - 9/23/2003), comments are in
reference to 1.1 CGL RD (Version Date 10/31/02).

This email contains all of my previously submitted comments.

Best Regards,
John Mehaffey
MontaVista Technical Marketing

I. Incorrect references:
   1. Reference to wrong section
     a) PLT.1.0 should reference 2.1.3
     b) AVL.3.2 should reference 3.8.1
     c) AVL.3.3 should reference 3.8.2
     d) AVL.3.4 should reference 3.8.3
     e) AVL.3.6 should reference 3.8.4
     f) AVL.3.7 should reference 3.8.4
     g) AVL.4.0 should reference 4.10
     h) PLT.4.0 should reference 2.3
     i) PLT.5.0 should reference 2.6.2
     j) SVC.2.0 should reference 4.9.3
     k) SVC.5.2 should reference 4.12
     l) PRF.3   should reference 6.3
     m) TLS.1.0 should reference 5.2
     n) TLS.2.1 should reference 5.4.2
     o) TLS.2.2 should reference 5.4.3
     p) CFH.5.0 should reference 3.9
     q) Section 8, ID 3.1 should be 3.1.1
     r) CSM.cfs should reference 3.12
     s) SVC.diags.0 should reference 4.9

   2. Reference to non-existent section
     a) AVL.3.1
     b) AVL.3.5
     c) AVL.3.8
     d) SVC.5.1
     e) PRF.3.1
     f) PRF.3.2
     g) Section 8, ID 35.2 (no mention of requirement in v1.1)
     h) CSV.dlm
     i) CSV.ev

   3. Reference missing
     a) PRF.4.0 should reference 6.9
     b) PRF.5.0 should reference 6.10
     c) PRF.8.0 should reference 6.8 (P2 in v1.1)
     d) AVL.fast.1 should reference 4.7 (P2 in v1.1)

II. Typos
   1. STD.2.20
     a) Statement that "This functionality is used in POSIX Timers" is
        incorrect.  Suggest using "POSIX Threads", or deleting comment.
   2. Table 7 (page 94) - Requirements Carried Forward Unchanged
     a) 2.1.1 Requirement name was "Hot Insert"
     b) 2.1.2 Requirement name was "Hot Remove"
     c) 3.21 should be 3.2.1
     d) 3.21 Requirement name was "Watchdog Timer Interface Requirements"
   3. ACC.3.0
     a) "Buffer Overflows" is awkward, suggest "Buffer Overflow"
   4. CON.6.0
     a) "Secure Integrity Verification Of Binaries Before Loading Them" is
        awkward, suggest "Verification of Binaries Before Loading"

III. Missing sequence numbers
     a) CFH.1
     b) CON.4
     c) CSM.1
     d) SVC.4

IV. Ignored v1.1 Requirements
     a) 1.3   (P1) POSIX 1003.25 Event Logging
     b) 1.7.1 (P2) IPv6 additional RFCs
     c) 1.7.2 (P2) IPSecv6 additional RFCs
     d) 1.7.3 (P2) MIPv6 additional RFCs
     e) 1.9   (P3) SAF Proposed Standards Compliance
                   (Part of standard included, see PLT.3.0, CCM.2)
     f) 2.1.3.1 (P1) System Device Enumeration Specification
     g) 2.1.3.2 (P1) System Device Enumeration Framework
     h) 2.7   (P2) Automatic Alternate Boot
     i) 2.8   (P2) Hyperthreading of CPUs
     j) 3.1.2 (P1) Sample Hardened Device Driver
     k) 3.2.2 (P2) Watchdog Timer Pre-Timeout Interrupt
     l) 4.1.1 (P1) Resource Monitor Specification
     m) 4.1.2 (P1) Resource Monitor Framework
     n) 4.1.3 (P1) Resource Monitor Subsystems
     o) 4.1.4 (P1) Resource Monitor Data Persistence
     p) 4.1.5 (P1) Resource Monitor Performance
     q) 5.3.2 (P2) Kernel Debugger Authentication
     r) 5.8   (P2) Multithreaded Core Dump Support for Threaded Applications
     s) 6.4.1 (P2) Concurrent Timers Scaling Behavior and Report
     t) 6.4.2 (P2) Concurrent Thread Scaling Behavior and Report
     u) 6.4.3 (P2) Concurrent Process Scaling Behavior and Report
     v) 6.5.1 (P2) Enhancements for High Concurrent Timer Scaling
     w) 6.5.2 (P2) Enhancements for High Concurrent Thread Scaling
     x) 6.5.3 (P2) Concurrent Process Scaling
     y) 6.5.4 (P2) SMP and Lock Contention Scaling
     z) 6.6   (P2) Kernel I/O Performance Analysis

V. Parallel Structure
    1. Capitalization inconsistent for prepositions (of, and, for) in
       Requirement Names
       Most of doc does not capitalize prepositions, but many security
       definitions capitalize all words (starting with CON.3.0)
    2. Support
       Most of the document does not use the word "support", but
       (especially later in the document) many requirements use support,
       support for, or support of.  Recommend dropping the word support
       where possible, and parallel usage where not (ie just use
       "<technology> support", rather than a mixture of "support of
       <technology>", "support for <technology>", etc.
       Example (page 81): CON.2.0 "Support for IKE" could just be
       "Internet Key Exchange" or even just "IKE"
       Example2 (same page): CON.5.0 "PF_KEY support" could be
       "PF_KEY Management"
    3. Priority sections
       Many of the items in the Priority 1 Requirements part of the
       General Systems Requirements section are actually priority 2,
       and even priority 3.
       (Examples: AVL.3.6, AVL.3.7, SVC.1.6)

VI.  ID issue for items carried forward
      Items carried forward (Section 7) should have IDs consistent with
      the IDs of the rest of the 2.0 specification. For Example, category
      platform, item 2.2 (Remote boot support) should have a PLT.x.y
      number.

More information about the cgl_discussion mailing list