On Thu, Feb 14, 2013 at 10:49 PM, Brian Smith <bsm...@mozilla.com> wrote:
> 3. Will that thing support Flash or any other plugins? > Definitely not. I think there is no doubt that Rust on its own brings a lot of security > advantages to a browser-like thing based on Servo. But, as the design > document notes, there are things that Rust can't do. For example, Rust > can't, in general, stop you from writing "if (!x)" instead of "if (x)" like > I did in a recent NSS bug. > Sure, but so what? Neither process-level sandboxing nor any other technology we can lay our hands on will prevent that. I think access/modification of cookies, passwords, and other > security-sensitive data within the browser will be (if not already) just as > sensitive as access/modification of anything local to the computer for > typical computer users. > I totally agree. Just, from all the things I've read and heard, it is very unclear that > Servo will end up to be competitive in terms of security with competitors > in a reasonable timeframe given a reasonable estimation of resources, > especially if Google's process-per-site experiment is successful. > There are many large risks that may prevent Servo from being competitive in any timeframe, let alone a reasonable one. It's a high-risk research project. I hope we're all comfortable with that :-). I think it's premature to start making a roadmap that makes Servo a competitive product in N years; apart from anything else, such a roadmap is going to be pure fantasy when there are still many basic questions we don't know the answers to. But you're right, I was overly dismissive of granular process-level sandboxing. It's worth thinking about how it could be fitted into Servo if and when the need arises. However I still think there's a lot of very basic stuff, like how DOM and layout work, that is more important to work on. Rob -- Wrfhf pnyyrq gurz gbtrgure naq fnvq, “Lbh xabj gung gur ehyref bs gur Tragvyrf ybeq vg bire gurz, naq gurve uvtu bssvpvnyf rkrepvfr nhgubevgl bire gurz. Abg fb jvgu lbh. Vafgrnq, jubrire jnagf gb orpbzr terng nzbat lbh zhfg or lbhe freinag, naq jubrire jnagf gb or svefg zhfg or lbhe fynir — whfg nf gur Fba bs Zna qvq abg pbzr gb or freirq, ohg gb freir, naq gb tvir uvf yvsr nf n enafbz sbe znal.” [Znggurj 20:25-28] _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
