> > On Tue, May 02, 2006 at 10:05:23AM -0600, Christopher Nelson wrote: > > > Any other part of the OS (and that's almost everything) > can indeed > > > be upgraded without a reboot. > > > > Lol. Okay. > > So the TCB *isn't* the OS. What's in the TCB? Let's see... The > > kernel, of course. Probably the network stack (those are > always perfect)... > > Umm... Interface drivers for the keyboard and the mouse and my > > newfangled widget.... Also... Let's see.. Oh yeah ALL the > drivers for > > untrustable hardware buses, which includes my network card, > my video > > card, my sound card... And of course, those are all gonna > be perfect. > > > > My point is that the TCB includes stuff that needs > updating, and may > > need updating on a regular basis as bugs are discovered. > > The TCB should be pretty stable. New features are never > added (mostly because the TCB isn't the place where most > features are implemented). Bugs may need to get fixed at > first, but the amount of bugs that are found per unit time > will decrease. After some time, it should be pretty close to zero.
Do you have much experience with running a datacenter of any size? Bugs *never* approach zero. Or at least, they do so very rarely. We have to patch so-called "core" software twice a month. Oftimes this includes what would be considered part of the "TCB". In the real world "should" and "do" are very different. I think it's a nice idea, and it will be interesting to see how it works in practice. > > Requiring a production server to have manual intervention for each > > update is just not feasible for large datacenters. > >It is a too dangerous operation to protect only by a > password. I agree with that. > > Maybe you feel that this is not an area that is of interest > to the Hurd. > > Now you're being silly. ;-) Yes. :-D _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
