[cap-talk] High level dissonance

James A. Donald jamesd at echeque.com
Fri Feb 22 21:14:20 EST 2008


Stiegler, Marc D wrote:
 > Please note that the example problem with the request
 > for C drive authority is not properly solved simply by
 > making it impossible for users to grant C drive
 > authority. Users have a legitimate need to be able to
 > grant access to the whole C drive -- for the Norton
 > Disk Recovery program, for example.

Disk recovery and FDISK are the only programs that need
unfettered disk access.  Don't bring up a dialog.

A safe operating system requires some trusted software -
for example, the software that brings up the file select
dialog.  The point is to have as little as possible, and
to have the investigation of what is to be trusted done
by a few people for many, rather than each person
needing to do it for himself.

The end user should never see a dialog that says "grant
total power to some application" at run time, because
that is too late.  Instead, at install time, he should
see a dialog "This software requests extraordinary
privileges that most software does not need.  It is
digitally signed by Joe Belosi.  Will you grant
extraordinary privilege to any software that Joe Belosi
thinks should receive extraordinary privilege?"

*Some* software needs to be able to request full access
to the C drive, but whether this is some such software
should be a question that arises at install time.
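The install-time policy described above, as an added example that is not part of the original post: the grant is recorded against the signer rather than the program, so a second package from an already-trusted signer installs without a second dialog, and the run-time check only consults that stored decision. It assumes the platform's code-signing check has already verified the `signer` field, and the privilege names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Privileges that most software never needs (constructed set for this example).
EXTRAORDINARY = {"raw_disk"}


@dataclass(frozen=True)
class Manifest:
    name: str
    signer: str            # publisher identity; assumed already verified by code-signing
    requests: frozenset    # privileges the package asks for


@dataclass
class TrustStore:
    # Install-time decisions, keyed by signer rather than by program.
    granted: dict = field(default_factory=dict)

    def install(self, m: Manifest, ask_user) -> bool:
        """Decide at install time; ask_user(prompt) -> bool is the one dialog."""
        extra = m.requests & EXTRAORDINARY
        if not extra:
            return True                      # ordinary software: no dialog at all
        already = self.granted.get(m.signer, frozenset())
        if extra <= already:
            return True                      # signer already trusted for these
        prompt = (f"{m.name} requests extraordinary privileges {sorted(extra)}, "
                  f"signed by {m.signer}. Grant them to any software {m.signer} signs?")
        if not ask_user(prompt):
            return False
        self.granted[m.signer] = already | extra
        return True

    def may_use(self, m: Manifest, priv: str) -> bool:
        """Run-time check: consult the stored decision, never raise a dialog."""
        if priv not in m.requests:
            return False
        if priv not in EXTRAORDINARY:
            return True
        return priv in self.granted.get(m.signer, frozenset())


def demo():
    """Two packages from one signer: one dialog total, editor never gets raw_disk."""
    store, prompts = TrustStore(), []
    recovery = Manifest("disk-recovery", "Joe Belosi", frozenset({"raw_disk"}))
    fdisk = Manifest("fdisk", "Joe Belosi", frozenset({"raw_disk"}))
    editor = Manifest("editor", "Acme", frozenset({"fs_dialog"}))
    ok = [store.install(p, lambda q: prompts.append(q) or True)
          for p in (editor, recovery, fdisk)]
    return ok, len(prompts), store.may_use(fdisk, "raw_disk"), store.may_use(editor, "raw_disk")
```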

