On Tue, Mar 07, 2006 at 08:24:32PM +0100, Manuel Bouyer wrote:
> 
> INSECURE doesn't affect only the ability to run a X server. I think 
> a default Xen system behavior should be as close as possible to a plain
> i386 one.

I strongly disagree.  The *only* reason INSECURE is in the GENERIC i386
kernel configuration is because it is required to run XFree.  Other ports'
GENERICs do not include it.  i386 is an exception from the default NetBSD
security model; XENU doesn't have to be, and I don't think it should be.

Any code that doesn't work on a kernel without INSECURE won't work on
most people's i386 servers.  There is not much code like that out there,
and what there is almost all uses memory or i/o access to whack devices
directly, which you can't do with a XENU kernel anyway.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart