[cgl_discussion] CGL RD 2.0 doc review
John Mehaffey
mehaf at mvista.com
Mon Dec 1 14:51:40 PST 2003
OK, I have completed most of my study of the 2.0 CGL RD (Version
2.0, Ratified Publication Version - 9/23/2003), comments are in
reference to 1.1 CGL RD (Version Date 10/31/02).
This email contains all of my previously submitted comments.
Best Regards,
John Mehaffey
MontaVista Technical Marketing
I. Incorrect references:
1. Reference to wrong section
a) PLT.1.0 should reference 2.1.3
b) AVL.3.2 should reference 3.8.1
c) AVL.3.3 should reference 3.8.2
d) AVL.3.4 should reference 3.8.3
e) AVL.3.6 should reference 3.8.4
f) AVL.3.7 should reference 3.8.4
g) AVL.4.0 should reference 4.10
h) PLT.4.0 should reference 2.3
i) PLT.5.0 should reference 2.6.2
j) SVC.2.0 should reference 4.9.3
k) SVC.5.2 should reference 4.12
l) PRF.3 should reference 6.3
m) TLS.1.0 should reference 5.2
n) TLS.2.1 should reference 5.4.2
o) TLS.2.2 should reference 5.4.3
p) CFH.5.0 should reference 3.9
q) Section 8, ID 3.1 should be 3.1.1
r) CSM.cfs should reference 3.12
s) SVC.diags.0 should reference 4.9
2. Reference to non-existent section
a) AVL.3.1
b) AVL.3.5
c) AVL.3.8
d) SVC.5.1
e) PRF.3.1
f) PRF.3.2
g) Section 8, ID 35.2 (no mention of requirement in v1.1)
h) CSV.dlm
i) CSV.ev
3. Reference missing
a) PRF.4.0 should reference 6.9
b) PRF.5.0 should reference 6.10
c) PRF.8.0 should reference 6.8 (P2 in v1.1)
d) AVL.fast.1 should reference 4.7 (P2 in v1.1)
II. Typos
1. STD.2.20
a) Statement that "This functionality is used in POSIX Timers" is
incorrect. Suggest using "POSIX Threads", or deleting comment.
2. Table 7 (page 94) - Requirements Carried Forward Unchanged
a) 2.1.1 Requirement name was "Hot Insert"
b) 2.1.2 Requirement name was "Hot Remove"
c) 3.21 should be 3.2.1
d) 3.21 Requirement name was "Watchdog Timer Interface Requirements"
3. ACC.3.0
a) "Buffer Overflows" is awkward, suggest "Buffer Overflow"
4. CON.6.0
a) "Secure Integrity Verification Of Binaries Before Loading Them" is
awkward, suggest "Verification of Binaries Before Loading"
III. Missing sequence numbers
a) CFH.1
b) CON.4
c) CSM.1
d) SVC.4
IV. Ignored v1.1 Requirements
a) 1.3 (P1) POSIX 1003.25 Event Logging
b) 1.7.1 (P2) IPv6 additional RFCs
c) 1.7.2 (P2) IPSecv6 additional RFCs
d) 1.7.3 (P2) MIPv6 additional RFCs
e) 1.9 (P3) SAF Proposed Standards Compliance
(Part of standard included, see PLT.3.0, CCM.2)
f) 2.1.3.1 (P1) System Device Enumeration Specification
g) 2.1.3.2 (P1) System Device Enumeration Framework
h) 2.7 (P2) Automatic Alternate Boot
i) 2.8 (P2) Hyperthreading of CPUs
j) 3.1.2 (P1) Sample Hardened Device Driver
k) 3.2.2 (P2) Watchdog Timer Pre-Timeout Interrupt
l) 4.1.1 (P1) Resource Monitor Specification
m) 4.1.2 (P1) Resource Monitor Framework
n) 4.1.3 (P1) Resource Monitor Subsystems
o) 4.1.4 (P1) Resource Monitor Data Persistence
p) 4.1.5 (P1) Resource Monitor Performance
q) 5.3.2 (P2) Kernel Debugger Authentication
r) 5.8 (P2) Multithreaded Core Dump Support for Threaded Applications
s) 6.4.1 (P2) Concurrent Timers Scaling Behavior and Report
t) 6.4.2 (P2) Concurrent Thread Scaling Behavior and Report
u) 6.4.3 (P2) Concurrent Process Scaling Behavior and Report
v) 6.5.1 (P2) Enhancements for High Concurrent Timer Scaling
w) 6.5.2 (P2) Enhancements for High Concurrent Thread Scaling
x) 6.5.3 (P2) Concurrent Process Scaling
y) 6.5.4 (P2) SMP and Lock Contention Scaling
z) 6.6 (P2) Kernel I/O Performance Analysis
V. Parallel Structure
1. Capitalization inconsistent for prepositions (of, and, for) in
Requirement Names
Most of doc does not capitalize prepositions, but many security
definitions capitalize all words (starting with CON.3.0)
2. Support
Most of the document does not use the word "support", but
(especially later in the document) many requirements use support,
support for, or support of. Recommend dropping the word support
where possible, and parallel usage where not (ie just use
"<technology> support", rather than a mixture of "support of
<technology>", "support for <technology>", etc.
Example (page 81): CON.2.0 "Support for IKE" could just be
"Internet Key Exchange" or even just "IKE"
Example2 (same page): CON.5.0 "PF_KEY support" could be
"PF_KEY Management"
3. Priority sections
Many of the items in the Priority 1 Requirements part of the
General Systems Requirements section are actually priority 2,
and even priority 3.
(Examples: AVL.3.6, AVL.3.7, SVC.1.6)
VI. ID issue for items carried forward
Items carried forward (Section 7) should have IDs consistent with
the IDs of the rest of the 2.0 specification. For Example, category
platform, item 2.2 (Remote boot support) should have a PLT.x.y
number.
More information about the cgl_discussion
mailing list