Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Design document for Node Interface Definition Language (IDL) #266

Open
wants to merge 22 commits into
base: gh-pages
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
missed line break
Co-Authored-By: Jacob Perron <jacob@openrobotics.org>
  • Loading branch information
artivis and jacobperron authored Nov 25, 2019
commit 45d49193dff0fd9645f18cbaeb3e60eba17a6cff
3 changes: 2 additions & 1 deletion articles/ros_node_idl.md
Original file line number Diff line number Diff line change
@@ -57,7 +57,8 @@ Currently policy files can be created in one of two ways:
- A snapshot of the live ROS 2 graph can be taken and written into a policy that covers its current state via `ros2 security generate_policy`.

While the first option is obviously very tedious and error-prone, the second only partially alleviates the burden due to the fact that it cannot fully cover the dynamic nature of a ROS 2 graph and all of its interactions.
More problematic than these issues, though, is that both options put the onus of security squarely on the shoulders of end users. This introduces two problems:
More problematic than these issues, though, is that both options put the onus of security squarely on the shoulders of end users.
This introduces two problems:

While developers will be able to define the set of rules securing their own ROS 2 nodes, the nodes developed in-house are often outnumbered by upstream components when it comes to the entire node graph, and the developers are typically not experts in every component being used.
Without that expertise, the entire node graph cannot be properly locked down.