On Wednesday 30 January 2008 17:32, Mirko Jahn wrote:
> I think it is important for further versions of
> the spec to point out that the initial state of the FW is unsafe until
> a custom bundle is deployed, which sets the right permissions and that
> the start order is crucial to ensure a not compromised environment.

This is pure FUD. It is implementation specific, and IMHO no need for the spec to force one way over the other. Call it "room for competition" if you like.

Bundle start order is possible to set up on any framework that is security-capable and that I know of. How the start order is established is also implementation specific, but StartLevel support is expected (required to get certified AFAIK) from framework implementations.

The CPA as mentioned is part of the framework and can/should require that its config explicitly state any trusted bundles, incl. an agent that can modify the permissions.

Instead of hypothetically criticizing the spec, why not put forward exactly what you want to do, which of the frameworks you want to do it with, and let those who work with it tell you how to do it. I am mostly working with Felix, and it doesn't have the security bits totally in place yet.

Sorry if this sounds harsh... It is not meant to be, but I can't formulate myself any better.

Cheers
--
Niclas Hedhman, Software Developer

I live here; http://tinyurl.com/2qq9er
I work here; http://tinyurl.com/2ymelc
I relax here; http://tinyurl.com/2cgsug

_______________________________________________
OSGi Developer Mail List
[email protected]
http://www2.osgi.org/mailman/listinfo/osgi-dev
