|

 
|
| | Name : | Ian S. Piper | Organization : | Diebold Election Systems, Inc. | Post Date : | 9/29/2005 |
| Section : | 6.4.6.3.3 | Page no. : | 19 | Line no.: | 13 | Comment : | In this requirement, "The verification process shall either (a) use reference information on “write-once” media received from the repository", the repository should not be able to distribute the vendor's software without the written authorization of the vendor. Vendors conduct a business in which they sell licenses to use their software product and the distribution of that software must be authorized by the vendor. If a customer feels that verification of vendor delivered software utilizing the NSRL hash codes is insufficient and requires the software delivered directly from the repository, then a request can be made to the vendor for such delivery. The hope is that customers will learn to use the NSRL hash codes and be self-sufficient in verifying the software delivered to them.
Proposed change: Add the following language after the word "repository, so that it reads "from the repository, upon written approval of that distribution from the vendor, ". | |
|
|