At Wed, 3 May 2006 11:49:06 +0200, Pierre THIERRY <[EMAIL PROTECTED]> wrote: > > [1 <multipart/signed (7bit)>] > [1.1 <text/plain; us-ascii (quoted-printable)>] > Scribit [EMAIL PROTECTED] dies 02/05/2006 hora 23:47: > > The answer should be pretty obvious: For the reasons stated before, we > > will most likely never include the constructor mechanism in the > > official ngHurd version distributed by the GNU project. > > So your're so against non-free software that you want people not to be > able to hide their code when they *need* to? That really seems a bit > fanatic to me. And that's frightening, because among many of my friends, > I'm a bit too fanatic about free software and the ethical issues about > non-free software. > > In fact, for obvious reasons I asked to Marcus. But who will have the > power to decide eventually? In KDE, "those who write the code make the > design decisions". It will obviously not be the case here (for good > /and/ bad reasons, IMHO)
These are valid questions, and they need to be considered with extreme caution. You give the impression that it is my model in wich we make a decision for somebody else, while the trusted computing model gives you more possibilities. I believe that this is a fundamental error in analysis. I just wrote a very long mail, with the subject "Part 1: Ownership and Contracts". In that mail, I give an analysis how contracts (for example, like hiding your code while still allowing others to use it) come to be. It is my believe that this analysis shows clearly that both systems allow to implement the same contracts. What differentiates them is that in my model, there is _no_ contract that is "the default", while in EROS/Coyotos, there is a default contract. Also, in my model, by default, no operation creates a contract, while in EROS/Coyotos, every process instantiation, by default, creates a contract. The difference is not in what is theoretically possible, but in what the default behaviour is. You can read in that mail some of the reasons why I believe that the behaviour I suggest is safer. You do not need to agree with these reasons, but I think it is very wrong to suggest that my design imposes a fundamental limitation to the creation of legitimate contracts. It does, intentionally, impose a barrier on the creation of contracts involuntarily. These differences do have practical consequences. While in the EROS/Coyotos model, it is very straightforward to implement DRM-like control, in my model it is substantially harder, maybe to the extent of making it impossible. However, this is because DRM-like control contracts are extremely invasive, and because DRM-like control contracts are fanatic about controlling your resources. It is not because we are fanatic about not letting you use them. If after reading that mail you still have your concern, I would invite you to respond to that mail and raise it in the context of my analysis. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
