--On Tuesday, 30 January, 2001 00:44 -0800 Dave Crocker
<dhc2(_at_)dcrocker(_dot_)net> wrote:
Hmmm. It occurs to me that what you have highlighted is
another Internet demonstration that scaling imposes more
stringent demands.
Probably
However this was perhaps one of the earliest examples of social
effects -- larger communities have less average
trustworthiness? -- than technical ones.
I wasn't significantly involved in the decision (Jeff or others
might remember), but keep in mind that Multics had very
significant security features: either mailboxes had to be moved
to an inner ring (which was eventually done) or there needed to
be a spool. An essentially application process (relatively low
privs as system sorts of things went) really couldn't write into
a user directory in the user ring without either very funny
access or a huge security hole.
So, while I agree with your conclusion, I suspect the reason for
this particular decision was not social, but system architecture
and, with it, another conclusion we often reach: if the security
model and mechanisms are designed in from the beginning, the
right sorts of things tend to fall into place without horrible
retrofits that almost never quite do the job.
john