Re: L4-HURD , POSIX, UNIX

[Jonathan S. Shapiro]

On Tue, 2005-11-01 at 17:10 +0100, Filip Brcic wrote:
> Дана Tuesday 01 November 2005 16:47, Jonathan S. Shapiro је написао(ла):
> > On Tue, 2005-11-01 at 13:35 +0100, Bas Wijnen wrote:
> > > On Mon, Oct 31, 2005 at 08:02:29PM -0600, William Grim wrote:
> 
> > > I like persistence as well, mostly because I feel it results in a more
> > > robust system.  However, if people already see concrete problems with it,
> > > I'd like to hear them now, not after we decided that we want persistence.
> 
> Persistence could be an option. There are issues with persistence (such as 
> reloading the corrupt code on every boot), and therefore it should not be 
> enforced.

Persistence cannot be turned off in a globally persistent system. This
is not a statement of policy. It is a functional consequence of the
design.

> > The thing that I bring fairly uniquely is an in-depth understanding of
> > security and robustness issues and how to make strong security usable.
> > Whether this is important to Hurd must still be decided.
> 
> Strong security and robustness can always find some use. My opinion is that 
> it 
> must not be enforced for the regular (future) Desktop user of Hurd, but it is 
> very important for server computers and embedded devices.

My opinion is that this opinion is based primarily on fear of the
unknown. The only reason to fail to enforce security is the *assumption*
that security is inconvenient and makes things difficult to use. If this
assumption is correct, then your conclusion may be reasonable -- but
even then I think we should be trying to achieve an overall balance of
interests for the user, and security is currently undervalued in this
balance today -- still, reasonable people might choose different
balances.

However, there is an increasing body of evidence that this assumption is
mistaken. If that turns out to be right, won't we all look pretty stupid
and backward-thinking!

It's a gamble. No question.


shap