[cap-talk] What sustained interest in capabilities
Mitsu Hadeishi
mitsu at syntheticzero.com
Wed Jan 7 23:46:23 EST 2009
On Jan 7, 2009, at 10:34 PM, Mark Miller wrote:
> Indeed. To emphasize the distinction, I'd like to point out that
> David-Sarah has invested substantial effort, and made substantial
> contributions to, efforts to secure JavaScript by external
> verification (his own Jacaranda) and rewriting (his contributions to
> Caja). If ever we needed an example of reducing risk by building a
> thin layer of security on top of a heaping pile of chaotic unspecified
> insecure expletive deleted, all of today's existing browsers provide a
> better example than one could have hoped for. So clearly David-Sarah
> agrees that such layering efforts are valuable.
I'm glad to hear this. And just to make my position completely clear,
from the beginning of this discussion I never suggested that the top-
to-bottom approach ought to be abandoned. I've simply been arguing
that the approach I've been advocating here is valuable, and can get
us very far down the road; I've said all along the top-to-bottom
approach is a perfectly fine long-term goal.
Mitsu
More information about the cap-talk
mailing list