From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 1DE6D8BA6; Mon, 22 Jun 2026 17:55:20 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 017BC8B9C; Mon, 22 Jun 2026 17:55:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=0.4 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,FROM_SUSPICIOUS_NTLD,SPF_HELO_NONE, T_PDS_OTHER_BAD_TLD autolearn=no autolearn_force=no version=4.0.1 Received: from mail-108-mta118.mxroute.com (mail-108-mta118.mxroute.com [136.175.108.118]) by atuin.qyliss.net (Postfix) with ESMTPS id 19EB18B9B for ; Mon, 22 Jun 2026 17:55:16 +0000 (UTC) Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta118.mxroute.com (ZoneMTA) with ESMTPSA id 19ef078dc2100067f7.002 for (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Mon, 22 Jun 2026 17:55:13 +0000 X-Zone-Loop: 6f85b0dea6fda9e242acfc05b7adf545e31314ca10a8 X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gagarin.work; s=x; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: From:References:Cc:To:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rlUFP4oXpAwiWIycO6/nnvwbJDi0pWQg026D+2/gqXQ=; b=X/GIIb1YsBq8qDx61korqqllkt YYRThFP07HL7mN3zDptAO9cs7w8/+dy40ZwIBmi7dZ3Q5ryNHZoIiKBriN5xrImUqgbV19iIrGI0y xiv1r6ggUZvXAdGjewrXtZk1RL7YwbIHXHSOUMv6dMmBI4QDwtvHZ3QbLrPOPmQkzPADf/XZCda62 +6Ah5YwSnaO/mGio3lxBRtgtgTqmPZy1T8M2I2szXL93pTX3Uph75dDW3O75VsoFcLca/RA94rP7q NrtVMtgNiEgZB4u+uJHeuZBGKeXWHZHM260SKE95mj9obi+/SuWca5URcNkKPJHMoABkv2aziADDf TiC8cEaA==; Message-ID: <79bbbb72-c5f3-4ace-82c5-928b1abee2a0@gagarin.work> Date: Mon, 22 Jun 2026 19:55:08 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 2/2] Documentation: sketch the threat model on the front page To: Alyssa Ross References: <20260617132414.103828-1-valentin@gagarin.work> <20260622095556.170159-1-valentin@gagarin.work> <20260622095556.170159-2-valentin@gagarin.work> <87echyiu4d.fsf@alyssa.is> Content-Language: en-US From: Valentin Gagarin In-Reply-To: <87echyiu4d.fsf@alyssa.is> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Authenticated-Id: valentin@gagarin.work Message-ID-Hash: DLKRCVMMRHVJLAUCIYC23HJDL6ZHP3FD X-Message-ID-Hash: DLKRCVMMRHVJLAUCIYC23HJDL6ZHP3FD X-MailFrom: valentin@gagarin.work X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: devel@spectrum-os.org X-Mailman-Version: 3.3.10 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 6/22/26 15:26, Alyssa Ross wrote: > Valentin Gagarin writes: > >> Also capture the poking-holes security model and hint at the trust >> boundary. >> >> This way of phrasing it intentionally doesn't go into any detail. >> Proper exposition in dedicated documents would still be fruitful, >> especially for readers less experienced with the domain. But this way >> we already mention all the most important ideas in the first few >> paragraphs, which should be more likely to capture attention of experts. >> >> Signed-off-by: Valentin Gagarin > > Good addition. > >> --- >> Documentation/index.html | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/Documentation/index.html b/Documentation/index.html >> index 6d4f07b..e1c5ebb 100644 >> --- a/Documentation/index.html >> +++ b/Documentation/index.html >> @@ -21,9 +21,14 @@ the principle of security by compartmentalization. It aims to have a >> lower barrier to entry and to be easier to use and maintain than other >> such systems. >> >> +

>> +By isolating each application in a virtual machine, Spectrum prevents untrusted >> +software from accessing what you haven't explicitly allowed or disrupting other >> +applications. >> + >>

>> Persistent data will be managed centrally, while >> -applications remain isolated. This means that the system can still be >> +preserving boundaries between compartments. This means that the system can still be > > Do you think it's already understandable by this point what a > compartment is, to a reader that is learning about security by > compartmentalization for the first time? My gut feel is it will be alright, because the intuitive notion of compartment maps good enough to what's really going on. Open to suggestions for further improvement of course.