[Qgis-user] Questions for internal approval

Andreas Neumann andreas at qgis.org
Tue Sep 3 23:50:40 PDT 2024


Dear James,

I am responding below to your questions. You can find responses to all of
your questions on our homepage, however.

Greetings,
Andreas

On Wed, 4 Sept 2024 at 05:02, James Khng via QGIS-User <
qgis-user at lists.osgeo.org> wrote:

> Hi Team
>
>
>
> I am trying to get this software approved for installation with our
> internal IT Team.
>
>
>
> They have come back with the following questions. Any help would be much
> appreciated!
>
>
>
>    - Who supports the application? Is there an enterprise agreement or is
>    it self-supported?
>
>
It is up to you if you want to self-support, use community support (with no
guaranteed responses) or use commercial support, also with an enterprise
agreement.

See https://www.qgis.org/resources/support/ and
https://www.qgis.org/resources/support/commercial-support/

>
>
>    - Who is responsible for patching/upgrading? Also, is there any
>    schedule available?
>
>
As always: the local IT team. We do have a schedule/roadmap at
https://www.qgis.org/resources/roadmap/#schedule


>
>
>    - What is the incident response plan, process/procedure? Who will be
>    the responsible team if there is any security incident related to this
>    product?
>
>
If you go for commercial support, it is your commercial support provider.
QGIS as a community project tries to fix security-related issues with high
priority. The terms of the GPL license apply. See also
https://www.qgis.org/resources/support/security/

>
>
>    - Is there a vendor critical patch notification mailing list?
>
>
Well, all the releases of QGIS are public. We usually use our release
schedule, unless there is some extra important issue that justifies an
extra, off-schedule release.

>
>
>    - Is there any certified image? (Malware/Trojan free)
>
>
Our Windows and Ubuntu packages are signed with a certificate.


>
>
>    - Who is providing the technical support?
>
>
See above


>
>    - Is there best practice defined for hardening/configuration by vendor?
>
>
QGIS is a very open system. It can connect to numerous web services and
allows you to extend it with Python plugins. It is the responsibility of the
IT team and user to make sure you do not connect to malicious services or
install a malicious plugin. Also, it is the responsibility of the local
IT team to make sure that the firewall in the local network is set up
according to modern standards.


>
>    - Is there any documentation available for this application?
>
>
Of course: https://www.qgis.org/resources/hub/


>
>    - Is there any logging or SIEM capability?
>
>
Can you be more specific about what you mean here? What should be logged?

>
>
>    - Will there be single sign-on and MFA implemented for this
>    application?
>
>
QGIS supports many database and web service providers. It depends on the
provider and configuration. Also, this can be discussed with your
commercial QGIS support company.


>
>
>    - Will this application be routed through PAM or will local admin
>    access be required?
>
>
No local admin access is required to run QGIS.


>
> Thanks
>
> James


--
Andreas Neumann
QGIS.ORG board member (treasurer)