Hi, "Jonathan S. Shapiro" <[EMAIL PROTECTED]> writes:
> More freedom must be balanced against more vulnerability. In that respect, GNU Emacs tends to be a counter-example, no? There are also many applications extensible in Guile, Lua, Python, Perl, or whatever. Just because these applications are extensible doesn't mean that they can execute code in the user's back. So the user has no excuse and is fully accountable for whatever vulnerability might be exploited without his approval. ;-) > Of COURSE it is! Running code without control where you don't know what > the code does isn't vulnerable? Who has been giving you these wonderful > drugs? I am not under drugs. Code is not being run "without control": if I install a plug-in for XMMS, TeXmacs, Emacs, etc., or a translator for the Hurd, _I_ must evaluate the risk of misbehavior of this code and take appropriate measures. Same when I install an application, be it extensible or not. Of course, the more guarantees an OS can provide (such as a fine-grain control over the resources used by a program), the better. But there are guarantees I do not expect from an OS. For instance, I don't expect my OS to guarantee that player X really flawlessly plays video in format Z as it claims to. Likewise, I don't expect my OS to be able to tell me whether a given server really correctly implements the io/dir interfaces. > But it is also necessary. I do not propose that we give up > extensibility. I propose that we architect systems in which the > vulnerability that is inherent in extensibility is a manageable thing. Agreed. Thanks, Ludovic. _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
