On Tue, Oct 21, 2014, at 07:38 AM, Lennart Poettering wrote: > Yes. Correctly. The hash-tree stuff, that is verified on access.
That's actually very cool if it was directly in the FS - it has the potential to be a lot more efficient and dynamic. Does it really exist yet or just planned? All I can see of this is: http://comments.gmane.org/gmane.comp.file-systems.btrfs/34667 > Well, I disagree. In today's world you want the fully verifiable > OS. You want it in the data center, you want it on end user > devices. This is what ChromeOS does, and is what we are seeing is > being done for CoreOS, for Android, for iOS and MacOS too. That's true - while core Android can use dm-verity now, there are some highly privileged applications like the Google Play engine that if compromised on disk would be nearly equivalent to total device compromise. I don't think that's on the dm-verity pool. IMA tries to do this but it's pretty gross. > Well, the "framework" concept I suggested should really include gcc, > gdb, strace and all those things. It should be the real deal, that > allows you to develop stuff. I think the reality is that the packaging model won because you really do start to want unions. GNOME's sdk could include strace and gdb, sure...but what do you do when you need to debug the interpreter of your Python/Ruby/whatever web app? And for that matter, Even then, the set of all profiling/debugging tools is so varied; e..g does the SDK include /usr/bin/perf (incidentally an app that actually comes with the kernel...) _______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
