Subject: Re: Xen3 update
To: Jed Davis <jdev@panix.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: port-xen
Date: 03/07/2006 23:54:26
On Tue, Mar 07, 2006 at 07:58:47PM -0500, Jed Davis wrote:
> Thor Lancelot Simon <tls@rek.tjls.com> writes:
> 
> > Any code that doesn't work on a kernel without INSECURE won't work on
> > most people's i386 servers.  There is not much code like that out there,
> > and what there is almost all uses memory or i/o access to whack devices
> > directly, which you can't do with a XENU kernel anyway.
> 
> Despite that I dislike having INSECURE in any default config:
> What about a XENU that's been given access to physical devices?

That is not the case in the "XENU" kernel configuration that we ship,
now is it?

It's absurd that the XENU kernel configuration participates in a notorious,
and optional, security hole that the i386 GENERIC configuration has only
so that it can run X, when that kernel configuration (the XENU we ship)
clearly cannot run X.  The rest of it is, from my point of view, just
excuses.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart