On Mon, Aug 24, 2009 at 6:11 AM, Gustavo Noronha Silva<gns@gnome.org> wrote:
> I am saying that we should be careful not to design things with 'Linux is mostly used in enterprise settings' in mind.
Ah, I see. Yes, this makes sense. My experience with Linux is mostly in universities where these sorts of file systems are the norm.
> So, to clear up my position regarding the actual meat of the proposal: I agree this is an important security concern. Doing that in libraries right now will break API expectations, though, so I think if it is done, this should be done first by documenting the intent to change, and then changing after a reasonable amount of time. Of course browser applications can do it right now, though =)
By way of context, Firefox has had this mitigation for several years on all platforms. IE has had an even more onerous mitigation for a long time (basically they punt the decision to the users with a "click here to be hacked" experience). Chrome has had this mitigation since day 1. I think the main compatibility risk is in non-browser uses of WebKit where it's difficult for us to assess the risk without knowing the application.

Where do you think we should document our intent to change?

Adam