brendan at mozilla.com
Tue Feb 2 11:24:22 PST 2010
On Feb 2, 2010, at 10:58 AM, Mark S. Miller wrote:
> In particular, it would be bizarre for Harmony to have two distinct
> and disjoint module systems, A and B, simply because module system A
> was unnecessarily inappropriate for the ocap subset.
No one is proposing this. It would be bizarre. It's a false dilemma.
On the other hand, the second class "simple modules" proposal, plus
the impending Context proposal, allows A and subset-A, as far as I can
tell. But I'll let others say more.
> Since SES needs an ocap-compatible module system, and since this
> module system must be within a subset of Harmony, it makes more
> sense to me to start with the more constrained problem: Let's design
> a module system B adequate for the needs of both SES and Harmony.
> Once we understand the shape of that, then we can reexamine whether
> Harmony still needs a second insecurable module system, or merely an
> insecure superset of the secure module system.
Sorry, this is too biased and path-dependent a design approach. The
space we are "searching" is large. We need to consider alternatives at
both layers, and where possible avoid too much layering.
Layering is a problem, not a solution.
More information about the es-discuss