[cap-talk] was: automatic policy embodiment and enforcement -
david.nospam.hopwood at blueyonder.co.uk
Mon Sep 20 23:28:20 EDT 2004
Jed Donnelley wrote:
> At 04:56 PM 9/20/2004, Stiegler, Marc wrote:
>> Jonathan S. Shapiro wrote:
>> > So: we will need to incrementally displace existing systems,
>> > but I don't think that is impossible.
>> Since the smallest delta to POSIX is large enough to break every
>> meaningful application in history, why not just stick with the
>> longstanding answer, which is, build a real OS, run virtual machines
>> on the real OS, throw the current schlock into the virtual machines,
>> and assist and encourage people to write native apps for the real OS
>> that will be not only more secure but also more reliable because they
>> are running on a kernel that makes sense?
> Of course I need to make clear that I don't have an answer to this
> problem, but regarding the above as to "why not..." - perhaps because it
> doesn't seem to be contributing to solving the problem - at least any
> time soon (read 5+ years).
My opinion: *Just build it anyway*. If no-one uses it, then too bad, but
at least we will not have been part of the problem.
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk