February 20, 2006
@ 07:00 PM

Just read this on Robert Hurlbut's blog (via Dominick, source is Doug)

As Doug indicates, the issue here is not "we don't want to do it", but that we need to ship. 

The problem is that partial trust is incredibly hard (and very time consuming) to test for a communication platform that is supposed to have rock solid security (no paradoxon here) and shall perform well. It's just as hard to provide meaningful exceptions (and -messages) in case we'd stumble into a CAS exception. You wouldn't want us to just bubble up some aribtrary security exception, but instead will want us tell you what's causing the problem and how you could fix it. There are (give or take some) 20 base permissions in the framework, most of them allow parameterization, and the system is extensible with custom permissions as well. You can do the math for where that takes you in terms of required combinations and test cases for achieving satisfying test coverage across the whole of Indigo, let alone all the special casing in the actual product code-base.

I wonder how many applications written to support partial trust actually take that complexity into account in their test strategy (hint, hint) ;-)

That said, I will clarify once more that this doesn't mean "we will never do that". It's just not possible to fit this into our V1 schedule in a way that we and you would find the outcome acceptable.