[Mono-dev] Mono 1.1.17 has been released.

Robert Jordan robertj at gmx.net
Wed Aug 30 10:40:00 EDT 2006

Sebastien Pouliot wrote:
> On Wed, 2006-08-30 at 14:45 +0200, Robert Jordan wrote:
>> About Mono's plugin: w/out a working CAS it's grossly negligent
>> to even think about an implementation that allows the execution
>> of assemblies from untrusted sources. Even if they were signed
>> with God's own key, they still were insecure to execute.
>> Let's not beat this dead horse again.
> He's dead Jim... huh I meant, it's not dead yet Robert ;-)
> Seriously there are, at least, three reasons to implement this.
> First, divide and conquer. It can be done in parallel with the CAS
> implementation (and related tasks). There seems to be little to gain
> from having it without CAS, however there's also little gain in
> completing CAS if there's no applications that can take advantage of it.

Sorry, I exaggerated a little bit. Of course this could
be done in parallel.

> Second, there are scenarios where FullTrust|Nothing is a valid choice.

Indeed, but since we were speaking about a generic browser plugin,
low trust is rather the usual trust level. See JavaScript, Java Plugin,

>         Company A deploys FireFox (on top of Linux, of course ;-) and a
>         mono-plugin configured to accept signed applications (i.e.
>         assemblies) from "Company A" only. In this case this is an
>         (non-existing) technological choice to deploy corporate
>         applications yet it totally avoid the "untrusted source"
>         problem.

Ok, that's a subset of the CAS.

> Third, this could be the idea of fun to somebody and I feel obligated to
> encourage such individuals ;-)

Of course. I didn't intend to yell "stop energy" :-)


More information about the Mono-devel-list mailing list