Hey Niclas, don't worry. I don't consider your comment harsh. It is a discussion and I am happy to hear your opinion. I really, really like OSGi and I am just trying to understand certain things. On my way to accomplish this, I am trying to share the obstacles I was faced with in order to improve the spec if possible. So please don't hold back if you or others disagree!

On Jan 30, 2008 1:26 PM, Niclas Hedhman <[EMAIL PROTECTED]> wrote:
> On Wednesday 30 January 2008 17:32, Mirko Jahn wrote:
> > I think it is important for further versions of
> > the spec to point out that the initial state of the FW is unsafe until
> > a custom bundle is deployed, which sets the right permissions and that
> > the start order is crucial to ensure a not compromised environment.
>
> This is pure FUD. It is implementation specific, and IMHO no need for the spec
> to force one way over the other. Call it "room for competition" if you like.

Well, here I have to disagree to some degree. Part of any spec talking about security also has the obligation to point out traps or issues related to it - at least I think so - and the OSGi spec does this in several places very well. The fact that until some initial permissions are set, the framework (by definition) has to grant AllPermission to all potentially installed bundles (as BJ pointed out) is neither the default nor the recommended behavior of the JVM. How you solve this situation, by providing a config bundle, which sets up these permissions secured by a fixed start order or any other mechanism you can think of, is truly an implementation detail of the framework and shouldn't be advertised or even mentioned, I have to agree. I wasn't trying to say that this should be an "it has to be like that" statement, more something like a "be aware, you have to do something to make it secure" statement.

> Instead of hypothetically criticizing the spec, why not put forward exactly
> what you want to do, which of the frameworks you want to do it with, and let
> those who work with it tell you how to do it. I am mostly working with Felix,
> and it doesn't have the security bits totally in place yet.

Well, I see your point here. Of course the fast and easy way to solve issues is to implement it the right way. In general you can argue in favor of either way. Leave the spec as open as possible or be extremely restrictive/precise. In my experience being too open makes interoperability between different vendors hard and error prone (see f.i. ClassLoading issues in JEE). I have to admit though, that I am pretty biased, because I am research related and there you work theoretically pretty much most of the time. Many things are conceptually evaluated and here you can't argue with implementation details if you are trying to make a general statement. For instance, whether you call a bundle a module or a component makes a huge difference in theory, but in "real life" you don't care at all. So the hypothetical criticism (actually it was more intended to be a suggestion) has a point to some extent. It always depends on the context you are looking at things. Besides, sometimes you can't be more precise, because you are just not allowed to talk about it, depending on the project and company, especially when security is involved.

> Sorry if this sounds harsh... It is not meant to be, but I can't formulate
> myself any better.

As I said, constructive comments are always welcome. There is no reason to apologize.

Best Regards,
Mirko

_______________________________________________
OSGi Developer Mail List
[email protected]
http://www2.osgi.org/mailman/listinfo/osgi-dev
