James> There are two issues here that I can see.  One is defining what
James> milestone/network actually means, and the other is determining what
James> sorts of dependencies on it are needed or possible.  The two issues,
James> though, are interrelated.

James> If we define milestone/network as meaning:

James> - lo0 is configured (which, frankly, ought to be true by the time
James>   ip`_init returns)

James> - configured IPsec rules, if any, are loaded

James> - configured IP Filter rules, if any, are loaded

James> ... then I can see a reason for this to exist.  All network services
James> would need to depend on it.  It'd sort of be nice if there were no
James> such thing required, but it seems like a fair solution to tie these
James> separate subsystems together.

James> The implication is that services depending on this will know that if
James> they can reach something, then it's as "safe" as it's going to get;
James> meaning that the security bits are in place.  (Nothing's ever really
James> safe, but this is as far as we go.)

Agreed: I like the definition, and I agree with the implication.


James> If we were to define milestone/network as additionally meaning that
James> there's "some" way out of the box and onto some physical network,
James> then a host of problems occur...

Also agreed: let's not go there.

-- John

http://blogs.sun.com/jbeck