[Mono-dev] Mono 1.1.17 has been released.
Sebastien Pouliot
sebastien.pouliot at gmail.com
Wed Aug 30 09:38:00 EDT 2006
On Wed, 2006-08-30 at 14:45 +0200, Robert Jordan wrote:
> About Mono's plugin: w/out a working CAS it's grossly negligent
> to even think about an implementation that allows the execution
> of assemblies from untrusted sources. Even if they were signed
> with God's own key, they still were insecure to execute.
> Let's not beat this dead horse again.
He's dead Jim... huh I meant, it's not dead yet Robert ;-)
Seriously there are, at least, three reasons to implement this.
First, divide and conquer. It can be done in parallel with the CAS
implementation (and related tasks). There seems to be little to gain
from having it without CAS, however there's also little gain in
completing CAS if there's no applications that can take advantage of it.
Second, there are scenarios where FullTrust|Nothing is a valid choice.
In fact this is what people do when manually downloading and executing
any application (mono or not). So it all comes down to the "untrusted
source" and, like any kind of application, this isn't a problem for
everyone. E.g.
Company A deploys FireFox (on top of Linux, of course ;-) and a
mono-plugin configured to accept signed applications (i.e.
assemblies) from "Company A" only. In this case this is an
(non-existing) technological choice to deploy corporate
applications yet it totally avoid the "untrusted source"
problem.
Third, this could be the idea of fun to somebody and I feel obligated to
encourage such individuals ;-)
--
Sebastien Pouliot <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/
More information about the Mono-devel-list
mailing list