On Mon, 2006-05-01 at 01:34 +0200, Marcus Brinkmann wrote: > At Sun, 30 Apr 2006 18:24:19 -0400, > "Jonathan S. Shapiro" <[EMAIL PROTECTED]> wrote: > > > > On Sun, 2006-04-30 at 22:29 +0200, Marcus Brinkmann wrote: > > > At Sun, 30 Apr 2006 20:29:28 +0200, > > > Pierre THIERRY <[EMAIL PROTECTED]> wrote: > > > > > > 2) If someone implements [confinement] will it be integrated in the > > > > Hurd, even > > > > if disabled by default? > > > > > > This doesn't even make sense if the issue were not contentious. > > > > I believe that Pierre is asking "If someone implements it, will the Hurd > > designers reject integrating it because of politics?" (Please note: > > Marcus himself described this as a decision motivated by the politics of > > ownership). > > > > I think this is a perfectly legitimate question. What is your response? > > You said in another mail: > > > I do not believe that > > true confinement can be added to the system later in any practical > > sense. Architecting it out is, for all practical purposes, banning it. > > I said, many times now, that I do not know a legitimate use case that > is relevant to the GNU Hurd. I have put up a challenge to find one. > > Assuming that no legitimate use case is found, and that you are right > that introducing this feature means a fundamental shift in the > over-all system design, then the answer is clearly that the patch > would be rejected for technical reasons, independent of any political > evaluation.
Yes. I understand this. But it does not answer the question. Pierre is asking whether your political objections are also decisive independent of the technical argument. You write that you do not know a technical argument that decisively requires true confinement. We will certainly work to find one. But if we *fail* to find one, this is an insufficient reason to reject such a foundational mechanism. Even if other mechanisms can apparently achieve similar results, those other mechanisms will not have the strength of formal foundations that the confinement mechanism already has today. We will be unable to reason about the correctness of those systems -- merely to get back to where we stand today with confinement in this regard will be more than a decade of work. Therefore, I would argue: unless there is an overwhelmingly compelling reason to *exclude* true confinement, I believe that it should be included. I do not want to lose 10 to 15 years of progress on verifiable systems unless there is an overwhelming reason to tolerate this. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
