Re: [Help-smalltalk] [PATCH]Remove security framework

[Gwenaël Casaccio]

On 13/01/2013 08:56, Holger Hans Peter Freyther wrote:
> On Sun, Jan 13, 2013 at 01:18:31AM +0100, Gwenaël Casaccio wrote:
> > Hi,
> >
> > Here is a patch that removes the security framework from the vm side
> > and the smalltalk side. It needs a review before applying.
> What are the arguments to remove this code from the kernel/ and from
> the vm/? Is the code in the vm hard to maintain? is the framework broken?
> or is the policy framework just outdated?

Security in object based languages should be based on the capability 
model (http://en.wikipedia.org/wiki/Object-capability_model 
http://en.wikipedia.org/wiki/Capability-based_security).
And as Paolo says it was never really used.

If I need security in Smalltalk, I would implement something like the e 
language model.
It's more "smalltalkish", no global authority, just message sending. And 
a better security
model also imply a better modular kernel, better module system, 
compiler, ...

> > -  p.untrustedContext = IS_OOP_UNTRUSTED (_gst_this_context_oop);
> > +  p.untrustedContext = false;
> What is the reason to leave the untrustedContext around?

Thanks I will remove it

> _______________________________________________
> help-smalltalk mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-smalltalk