--WplhKdTI2c8ulnbP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 02, 2005 at 05:51:09PM +0200, Elad Efrat wrote:
> Jason Thorpe wrote:
>=20
> > As you said before, there is really no change to veriexec here except=
=20
> > for "sysctl entry point vs device entry point".  Since both choices  are
> > basically non-optimal, I don't see any real benefit to changing=20
> > veriexec at this time, since you're just trading one ugly solution  for
> > another.
>=20
> While there is no change to the end-user here, I *still* think that
> sysctl is a more logical place to have these hooks in.

Yes. We all know that.

The vast majority of us, though, disagree.

> The change is intended to unify the userland access to Veriexec-related
> settings, and like Nathan said -- a matter of taste.

As you agree it's a matter of taste, why are you pushing it in face of=20
this much strong opposition? You've managed to trigger one of the fastest=
=20
threads I've seen on tech-kern in a while. Within a few short hours, we=20
are at over 50 messages in the thread...

> Because the diff reuses the code from sys/dev/verified_exec.c only in
> sys/kern/kern_verifiedexec.c, how would it hurt to do this move, even
> for the sake of having to maintain one less file?

WE

THINK

IT

IS

BAD.


You admit there is no strong technical reason for the move, it's a matter=
=20
of taste. This move tastes bad to a lot of folks.

> In time, when sysctl (or part of it) uses a different interface, we'll
> have to do the move anyway; why not unify it now, then?

Because it already has an interface that many of us consider superior to=20
sysctl.

Take care,

Bill

--WplhKdTI2c8ulnbP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFDkNx3Wz+3JHUci9cRAt8vAJ0ZbAIubY/IDZpn32ol1fWRoqf6lACfegnM
jdZrs14R9scSGwCV5FP+qqU=
=xWOX
-----END PGP SIGNATURE-----

--WplhKdTI2c8ulnbP--