<div dir="ltr"><div dir="ltr"><div>Dear James,</div><div><br></div><div>I am responding below to your questions. You can find responses to all of your questions on our homepage, however.</div><div><br></div><div>Greetings,</div><div>Andreas<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 4 Sept 2024 at 05:02, James Khng via QGIS-User <<a href="mailto:qgis-user@lists.osgeo.org">qgis-user@lists.osgeo.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166">

<div lang="EN-AU" style="overflow-wrap: break-word;">

<div class="m_-1907483501099157166WordSection1">

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif">Hi Team<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif">I am trying to get this software approved for installation with our internal IT Team.<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif">They have come back with the following questions. Any help would be much appreciated!<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium">

<tbody>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

</td>

</tr>

<tr style="height:15.05pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:15.05pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Who supports the application? Is there an enterprise agreement

 or is it self-supported?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>It is up to you if you want to self-support, use community support (with no guaranteed responses) or use commercial support, also with an enterprise agreement.</div><div><br></div><div>See <a href="https://www.qgis.org/resources/support/">https://www.qgis.org/resources/support/</a> and <a href="https://www.qgis.org/resources/support/commercial-support/">https://www.qgis.org/resources/support/commercial-support/</a></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:15.05pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:15.05pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Who is responsible for patching/upgrading? Also, is there

 any schedule available?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>As always: the local IT team. We do have a schedule/roadmap at <a href="https://www.qgis.org/resources/roadmap/#schedule">https://www.qgis.org/resources/roadmap/#schedule</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:15.05pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:15.05pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">What is the incident response plan, process/procedure? Who

 will be the responsible team if there is any security incident related to this product?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>If you go for commercial support, it is your commercial support provider. QGIS as a community project tries to fix security related issues with high priority. The terms of the GPL license apply. See also <a href="https://www.qgis.org/resources/support/security/">https://www.qgis.org/resources/support/security/</a></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:15.05pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:15.05pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Is there a vendor critical patch notification mailing list?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>Well, all the releases of QGIS are public. We usually use our release schedule, unless, there is some extra important issue that justifies an extra, off-schedule release.<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Is there any certified image? (Malware/Trojan free)</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>Our Windows and Ubuntu packages are signed with a certificate.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Who is providing the technical support? 

</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>See above<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

</td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Is there best practice defined for hardening/configuration

 by vendor?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>QGIS is a very open system. It can connect to numerous web services, allows to extend it with Python plugins. It is in the responsibility of the IT team and user to make sure you do not connect to malicious services or install a malicious plugin. Also, it is in the responsibility of the local IT team to make sure that the firewall in the local network is set up according to modern standards.<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Is there any documentation available for this application?

</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>Of course: <a href="https://www.qgis.org/resources/hub/">https://www.qgis.org/resources/hub/</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

</td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Is there any logging or SIEM capability?</span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>Can you be more specific what you mean here? What should be logged?<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Will there be single sign-on and MFA implemented for this

 application? </span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>QGIS supports many database and web service providers. It depends on the provider and configuration. Also, this can be discussed with your commercial QGIS support company.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<br></td>

</tr>

<tr style="height:12.2pt">

<td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt">

<ul style="margin-top:0cm" type="disc">

<li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"><span style="font-size:10pt;font-family:"Arial",sans-serif;color:rgb(38,38,38)">Will this application be routed through PAM or will local

 admin access be required</span><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u><u></u></span></li></ul></td></tr></tbody></table></div></div></div></blockquote><div><br></div><div>No local admin access is required to run QGIS.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1907483501099157166"><div lang="EN-AU" style="overflow-wrap: break-word;"><div class="m_-1907483501099157166WordSection1"><table border="0" cellspacing="0" cellpadding="0" width="671" style="width:503.25pt;border-collapse:collapse;border:medium"><tbody><tr style="height:12.2pt"><td width="671" valign="top" style="width:503.25pt;padding:0cm 5.4pt;height:12.2pt"><ul style="margin-top:0cm" type="disc"><li class="m_-1907483501099157166MsoListParagraph" style="margin-left:0cm"></li></ul>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif">Thanks<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:10pt;font-family:"Arial",sans-serif">James</span><span><u></u><u></u></span></p>

<p class="MsoNormal"><u></u> <u></u></p>

</div>

<br><br><p style="font-family:Times New Roman;font-size:12pt;color:rgb(102,102,102)"></p><p></p><p style="font-family:Times New Roman;font-size:12pt;color:rgb(102,102,102)">This email and any accompanying documents are confidential, protected by copyright or subject to legal professional privilege. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. If you have received this email in error please notify the sender immediately and delete it from your system.</p></div>

_______________________________________________<br>

QGIS-User mailing list<br>

<a href="mailto:QGIS-User@lists.osgeo.org" target="_blank">QGIS-User@lists.osgeo.org</a><br>

List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-user" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>

Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-user" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br>

</div></blockquote></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><br>--<br>Andreas Neumann<br></div><a href="http://QGIS.ORG" target="_blank">QGIS.ORG</a> board member (treasurer)<br></div></div></div>