I am not giving you my source at this point because it contains another 150 items wrong with X11 that block it from being certified against the current 27000 series that I am going to use individually. Lets say mSparks we have another 50 years ahead of us at the rate you are being able to clear them at least.

Really the google source you gave in fact shows it. You said xsecurelock only has a 2015 certificate. Why do other actively developed projects from google that had 2015 certificates that you can see in the wayback machine are now 2018 and newer. xsecurelock and other parts that cannot pass are outliers if you spend time reading. Yes the fact it had old certificate and majority of everything else had newer certificates should have had alarm-bells ringing in you head mSparks. Companies with well run 27000 process normally don't have outdated certificates unless they cannot get new versions. Yes the companies define of outdated change some are 3 some are 5 some are 10. Google is 5 years. So the 2017 certificates will be updated this year. 2015 certificate should have already been replaced. So 2 years ago the problem was show..

You said refer to this without noticing bugger me it proves that even google cannot make a X11 solution that can pass current 27000 series.

27000 has a lag between when the standard comes into existence and when at the latest you absolutely must follow it. We are in the lag at the moment.

In fact the screenlocker you picked the developer of that is clear that X11 screenlocker functionality is broken and google has no interest in fixing it. Yes google will migrate to Wayland at some point for their Linux workstations by what google developers are saying.

mSparks get me a ISO 27001:2022 Control A.7.7 screen locker for X11. Problem for you I know they don't exist and cannot exist without X11 protocol changes that no one is willing to fund..
​

You are a lying piece of shit and I already linked you the ISO27001 certificates for it.
that would be google, used in glinux, for the development of every single product they sell.

You probably should have checked that before launching into your latest tirade of fabricated hyperbolic made up bullshit.

i never asked anything about RHEL... i don't care what IBM/REDHAT does.

but i am sure that a product like steamOS and the steam deck would not be possible without wayland+xwayland.

because all you talk is about remote desktop with KVM switches what would have a horrible experience for games on the steam deck. because of the input lag what comes with the remote part..

This looked like a question to me, had a question mark and everything

​
The answer is still the same btw, if you wont, then no one will, and wayland dev comes to a halt, very soon, in the generally unusable state it is in now.
The only reason RHEL is removing X11, imho, is they don't want to distribute a good, free linux distribution, no one is using wayland because X11 is too good (even the ~ 5 years out of date version of X11 that ships with FC39), and without free testers and leaching off the community there is zero chance of getting to the point anyone will pay for their warez.

KVM just means keyboard, video and mouse.
routing them between applications is all wayland and X11 does.
both take keyboard and mouse events from libinput and send them to the application with current focus, and also provide a frame buffer from mesa for the application to draw stuff on.

The key difference is X11 is a data format that can also be transported over tcpip
but wayland only includes a badly written collection of system calls to achieve the same thing, system calls that application developers must change their applications to in order for them to work on wayland.

From a developer perspective, That looks like:

And as I have pointed out date of certificate are not important. Old certificates will expire. You have given me certificates that if i went to Audit today for a new solution would be useless.



These issues here is why when I go with xsecurelock today and try to get a new certificate for a new solution I will be told to go jump.



Here is problem mSparks you have not presented one current 27001 certificate. To be current the certificate had to be issued/updated in the last 12 months.

A deployed solution can have certificate that non longer current as long as the has not been not current less than 9 years. In other words a 2015 certificate for a solution is only good to 2025 for that solution. You cannot use a 2015 certificate in a new solution you are making today to get 27000 series clearance. So deploying a new solution today I need 27000 certificate issues 22/23 anything else does not work.

mSparks find me a X11 screen locker I can use in a new solution. I was being kind asking for 2022 certificate I was allowing you to look for a 1 year out of date certificate.

Yes google is free to use glinux with xsecurelock until 2025/2026 due to having a 2015 certificate issued in 2015. If they had updated their certificate in 2017 when was the last time the loophole was still in 27001 they would be able to go until 2027/2028 due to having 2017 certificate.

mSparks; when you see a issued 27001 certificate do you see what the google mitigations are on that certificate. The answer is no you don't.

Remember what you said about being secure by design. For a 27001 certificate before 2018 you could write in the migration that all chosen applications would be compatible with the screen locker and never come non resposnive. How is this secure by design when you screen-locker depends on user not running the wrong application to work and application does not hang for some reason. ISO27001:2018 forbids that mitigation.

mSparks get why attempt to quote google and other parties ISO27001 certificates that are old are pointless. Exactly what is glinux by google going do in 2025/2026 when the xsecurelock expires and they cannot get another one. Yes current glinux is looking for move to wayland then.

That quite clearly ends saying

"the issues (in particular the gamepad input issue) will probably persist even with Wayland."
I did, a few pages of your hyperbole back

And then there was the one before that for a product specifically designed for X11 when you were saying X11 had never been given a 27001 certificate anf never would be.

yep, googles expires on the 14th of May this year. They renew every other year
last issued 15th of May 2022

What bullshit story are you going with when goog doesnt lose its 27001 certification in a few weeks, despite only using and supporting X11 internally and never and still not using, supporting or contributing to wayland?

Which will know will be the case, because wayland breaks everything and offers nothing.

"offers nothing" includes not offering any improved chances of 27001 certification.

[QUOTE=mSparks;n1437433]

That quite clearly ends saying

"the issues (in particular the gamepad input issue) will probably persist even with Wayland."

I did, a few pages of your hyperbole back

And then there was the one before that for a product specifically designed for X11 when you were saying X11 had never been given a 27001 certificate anf never would be.


yep, googles expires on the 14th of May this year. They renew every other year

last issued 15th of May 2022


I was clear a current that had to be current

last issued 15th of May 2022
Issued means nothing. What version of the standard has been used that is import.. Remember a certificate can be reissued 9 times for existing solution..
\
ISO/IEC 27001 - Compliance | Google Cloud

The ISO/IEC 27000 family of standards helps keep information secure. Google Cloud Platform and Google Workspace are ISO/IEC 27001 compliant.

Follow the ISO/IEC27001:2013 there and it takes you https://www.iso.org/standard/27001 that is ISO/IEC27001:2022. So there is a problem on front page you pointed to it has not be updated to be current.

You can no longer buy printer copied of prior versions of the 27001 standard.

mSparks; you have not present a current certificate on the current standard. Google only has a old 2015 standard certificate that has been reissued for existing solution.

ISO/IEC 27001:2022

Information security, cybersecurity and privacy protection — Information security management systems — Requirements

Did not notice this did you.

mSparks current certificate has to be
ISO/IEC 27001:2022
or you are dealing with something that base on Withdrawn standard. Withdrawn Standard can only be used for grandfathered solutions for 10 years from the first issue of the certificate. The certificate based on the old standard can be reissued every with it mitigations checked for 9 years without is 27001 version changing. Yes the 10 year the shoe drops. .

There is a ISO/IEC 27001:2013/Cor 3:2018 ​that becomes 2022.

mSparks like it or not you have not presented a correct certificate for me to believe X11 is usable for new solutions.

Please note it costs the same to have a certificate reissued to old standard with mitigations checked as to have the item checked against new versions of the 27001 standard. This is why seeing a old version should have alarm bells ringing there is no cost saving staying on the old version of the standard. Only reason to stay on the old version of standard when you reissue is that you cannot pass new version of standard.

mSparks X11 fans like you have been doing this for years. Everytime someone points out that that X11 is flawed badly and need to be replaced. Lets find some company like google and with only part of the certificate claim every good. Full certificate with mitigation report gave you that X11 was flawed complete time.

Yes same stunts every time mSparks.
1) Ignore the version of ISO27001 is for because this ruins you argument.
2) Attempt to use issue date without known that issue new date on a old version of the ISO27001 standard is a sign of problem. Of course again this does your argument
no good.
3) don't get the full report with certificate to see what migrations you require. There is a reason why google is clear you need to be a paid for customer

Last issued 15th of May 2022 There is a problem that not current standard either.

Publication date 2022-10 is the date of ISO/IEC 27001​:2022

So nothing from google is current so why point me there mSparks.​​

By the way I do have a google Compliance Reports Manager. contact guess who gave me the list of X11 faults to beat you head in with. You have gone to exactly the wrong place to win the argument..


You said google not working on wayland. Kind of pays to check out who from google is currently working on KDE Wayland items.

Even assuming this isn't the 3rd time you fabricated some nonsense in a single thread.
If software having faults meant you couldn't use/sell the software, like I said on the previous page

​
What you seem to not understand here, is ISO27001 is a risk assessment and strategy document/process, not some testament that some protocol/piece of software is 100% fault free.

"secure by design" means you assume the software is flawed - and actively seek to find them + design the architecture such that it remains secure even in the event that flaws you didn't know about are discovered. (screenlock is actually an example of that, because if an attacker has physical access to a machine with sensitive data they are not authorised to access, some other far more important security protocol already failed catastrophically)

Taking your lock screen as an example.
You assume the lock screen is flawed (which in windows and wayland is very, very much the case), but you mitigate that by, for example, logging out of any sensitive software when the screenlock is activated and adding additional monitoring while the screenlock is activated.

That is why XSecurelock has mitigations like
"Above ... || kill -9 -1 workaround would mitigate this issue too by simply killing the entire session if locking it fails.​"

X11 wins hands down here, always has, as demonstrated by google not leaking customer information like a sieve and getting hit by ransomware every other week like all those advised by Microsoft and Redhat.

i use linux for over 22-23 years now i never paid 1 cent to REDHAT and of course i will not pay in the future.

"The answer is still the same btw, if you wont, then no one will, and wayland dev comes to a halt, very soon, in the generally unusable state it is in now."

to be honest this is complete nonsense. people will always work on wayland because they have products like the steam deck who depent on the functionality of wayland.

just remember even google chromebook OS had a update in 2023 to use wayland.... so if you buy a chromebook you pay for wayland development.

"The only reason RHEL is removing X11, imho, is they don't want to distribute a good, free linux distribution, no one is using wayland because X11 is too good (even the ~ 5 years out of date version of X11 that ships with FC39"

what a nonsense i did not use X11 for many years now. why should they keep something no one use ?

why should i miss X11 if all my stuff runs in wayland ? X11 is too good that no one use it anymore.

"free testers and leaching off the community"

dude if you do not write bug reports then you are no free tester at all.

and i am 100% sure REDHAT will fail in leaching off the community because i already see a big move away from redhat and they go to Suse linux instead.

"there is zero chance of getting to the point anyone will pay for their warez."

their behaviour is indeed warez but who cares ? in the future we will even government see buy steam deck to run their desktop or buy Suse Linux contracts instead of redhat contracts.

"From a developer perspective, That looks like:"

you clearly have some kind of trauma.

right absolutely right its really a bad shit-show from this user: mSparks...

i do not even understand what is his goal here. he claims we are paid people paid by IBM ... but it looks more like he is paid by microsoft/apple to make sure no linux gets any future government contracts.