+10 We definitely both of them in Moose.
Doru On 13 Mar 2011, at 10:46, Stéphane Ducasse wrote: > +1 > > OSProcess is really important for us. > Like a good FFI > > Stef > > On Mar 13, 2011, at 1:11 AM, Igor Stasenko wrote: > >> On 13 March 2011 00:19, David T. Lewis <[email protected]> wrote: >>> Hi Igor, >>> >>> I think it is good to make OSPP (and AioPlugin and XDisplayControlPlugin >>> where appropriate) available in all distributed VMs, but in some >>> applications >>> they provide too much access to the operating system, so it is good to >>> have them as external modules so that people who do not want them on >>> the system can delete the modules. So I think it is best to treat it >>> like FFI, it is there if you want it but can be removed if you are doing >>> some sort of application where the user should not have easy access to >>> the OS functions. >>> >> >> Well, i think for making a secure 'appliance' sort of, a better >> approach to not rely on >> prebuilt VM , but build your own where you can always decide what is >> secure enough and what's not, >> and should be removed/disabled. >> >> Btw, we discussed a bit of this today with Henrik, and first thing i >> think people should do, in order to make it more secure >> is to disable external module loading mechanism. >> Declaring that standard VM is more secure if you don't ship it with >> _external_ modules (like FFI) sounds like a joke. >> >> So, what i'd like to ask is, that if everyone feel a day-to-day need >> for using things like FFI or OSProcessPlugin >> we should make it available by default and out of the box. And for >> those, who concerned with low security there is always >> an options to improve it, like hiring people to develop a custom VM >> based on default one, where all security problems is >> addressed properly. >> >> So, i don't see why we should constrain ourselves with things we use >> and need, only because in eyes of someone >> it doesn't looks secure enough. >> >>> Dave >>> >> >> >> >> -- >> Best regards, >> Igor Stasenko AKA sig. >> > > -- www.tudorgirba.com "Obvious things are difficult to teach."
