Valentin Gagarin writes: > Also capture the poking-holes security model and hint at the trust > boundary. > > This way of phrasing it intentionally doesn't go into any detail. > Proper exposition in dedicated documents would still be fruitful, > especially for readers less experienced with the domain. But this way > we already mention all the most important ideas in the first few > paragraphs, which should be more likely to capture attention of experts. > > Signed-off-by: Valentin Gagarin > --- > Documentation/index.html | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/Documentation/index.html b/Documentation/index.html > index 6d4f07b..e1c5ebb 100644 > --- a/Documentation/index.html > +++ b/Documentation/index.html > @@ -21,9 +21,14 @@ the principle of security by compartmentalization. It aims to have a > lower barrier to entry and to be easier to use and maintain than other > such systems. > > +

> +By isolating each application in a virtual machine, Spectrum prevents untrusted > +software from accessing what you haven't explicitly allowed or disrupting other > +applications. > + >

> Persistent data will be managed centrally, while > -applications remain isolated. This means that the system can still be > +preserving boundaries between compartments. This means that the system can still be > thought of as a whole, rather than many virtual > machines each becoming a system of its own. FYI: this is getting to the point where it needs a copyright header update. Next time please. :)