[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A comment about changing kernels
|
From: |
Bas Wijnen |
|
Subject: |
Re: A comment about changing kernels |
|
Date: |
Thu, 27 Oct 2005 21:39:17 +0200 |
|
User-agent: |
Mutt/1.5.11 |
On Thu, Oct 27, 2005 at 08:53:43PM +0200, Marcus Brinkmann wrote:
> The problem with L4.sec is the following: It does currently not have
> all the operations that we think we need (I am thinking specifically
> about efficient capability copy and identification). Note that this
> is preliminary and not definitive.
They have said that if we can show that it is something which makes sense in a
real system, they would look at implementing it (and implement it if it's not
too hard. It's also been said that it isn't too hard).
> It's design goal is very ambitious, and there is an uncertainty if it will
> be realized at all. It's experimental in that it is breaking new ground.
> And last, it is not clear if all our design goals can be efficiently
> realized.
I think this is very important. We need to know this before we make the
choice. It would be very bad if we choose another Mach, of which we will find
out later that it isn't suitable for what we want.
> Coyotos is a bit different, because it is more conservative in its
> goal, IMO.
This is what I understood from Shapiro as well. L4 changed drastically, while
EROS changed a bit.
However, what I would really like to hear from Shapiro is what's _wrong_ with
Coyotos. If anyone knows, it would be him. :-)
Also, if we decide to use Coyotos, will he continue to make it his full-time
job to hang around on this mailinglist? Or is that just a PR move to convince
us? ;-)
> There is an orthogonal goal of formal verification, which
> is somewhat uncertain and can take a long time, but this goal can and
> will (AFAIK) be realized in parallel to writing a working
> implementation. So, Coyotos is also experimental, but not so much in
> its architecture, but in its application (formal verification).
I would consider it a nice bonus to have a verified kernel. :-) But I don't
think this is very important in this decision.
> Please note: The above is not a complete list. It is _not at all_
> intended to be suggest a decision. I am not going to make a decision
> before understanding as many facts as possible, and I am certainly not
> going to make any decision all alone on a limb ;)
Good idea.
> List is very low traffic. It will be persistent.
Cool, a persistent list. What does that mean, exactly? :-)
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
signature.asc
Description: Digital signature
- A comment about changing kernels, Jonathan S. Shapiro, 2005/10/27
- Re: A comment about changing kernels, ness, 2005/10/27
- Re: A comment about changing kernels, Marcus Brinkmann, 2005/10/27
- Re: A comment about changing kernels, Bernhard Kauer, 2005/10/28
- Re: A comment about changing kernels, Neal H. Walfield, 2005/10/28
- Re: A comment about changing kernels, Bernhard Kauer, 2005/10/28
- Re: A comment about changing kernels, Jonathan S. Shapiro, 2005/10/28
- Re: A comment about changing kernels, Jonathan S. Shapiro, 2005/10/28
- Re: A comment about changing kernels, Bernhard Kauer, 2005/10/29