Leo Sutic wrote: > Berin, Peter, > > I'm not very worried about the security aspects of the ComponentValidator class. >Like Peter, I see the battle as lost when a malicious component has entered the >system, and I do not see that as enough reason to increase code complexity. >
This is true, but you can still minimize damage. > However, I am much more concerned with buggy containers. The case could be made that >a test case for containers would solve this, and I think Peter is completely right in >that. Such a test case *is* needed. There's no argument against it. > I never argued against a testcase for containers. I argued *for* inclusion of ComponentValidator > But it is also considered good practice to add assertions throughout the code, to >catch things that "can not" happen, and I see the ComponentValidator as a tool for >that. > This is one of my points, unfortunately Peter *will* not hear it. > Assertions provide a nice fail-fast, and aids in debugging. > > (Regarding UNIX file permissions: I see the security aspect of them, but to me they >are also protection against users inadvertently deleting the wrong files. I have had >much more work related to user screwups than cracker assaults. The neat thing is that >I get protection from both from file permissions. ComponentValidator does the same - >primarily I get faster debugging and better regression tests, and if it stops some >component hell-bent on destruction as well, then that is good.) > Yet another point in favor of the ComponentValidator. Can I assume then that your are +1 on the matter? -- "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>