Can We Retain the Benefits of Transitive Dependencies Without Undermining Security?
last updated: Jan 28, 2025
With that qualification in mind, let me outline where I would one day like our software to go. I would like to run software, built from multiple components (i.e. dependencies of some kind), in such a way that:
- Components are isolated from each other as much as possible.
- Each component only has the minimum permissions it needs.
For example, I don’t want my image decoding component to have network access, or the ability to access RAM with passwords in; but I do want my network downloading component to have network access, and I do want to be able to create a component that can manage and use passwords.
I don't actually love his vision for components bound by capabilities, but I am glad that some people are still blogging about the ways we might change computing for the better.