Christopher Omega wrote:
I dont think implementing the upload payment in libsecondlife would be
a good long-term solution. When LL does patch this problem and make
the deduction serverside, 3rd party devs may receive lots of users
complaining about a L$20 upload fee (both libSL and LL are deducting
L$10).
Of course, this scenario assumes LL implements the server-side
deduction in a non-smart way. I am very skeptical about LL's devs
taking into account 3rd party clients - I doubt every one of their
devs knows about libSL, and the dev who codes the fix might just be
one who doesnt.
I am for leaving the L$10 deduction out of the sourcecode, but only
while putting lots of pressure on LL to fix the hole serverside.
------------------------------------------------------------------------
Maybe this description of how libsl works would alleviate some worries.
The library more or less consists of two layers, the low layer
networking code including packet construction, callback handling, etc.
and the high level abstractions of things like avatars, inventories,
parcels, etc. Client applications have access to both of these. What
we're proposing is that the high level client.Assets.Upload*() functions
will implement the protocol according to how it's done in the official
client, which is to upload the asset, and then issue a
MoneyTransferRequest to a uuid of 0, for the amount specified in the
EconomyData packet. This doesn't prevent any clients from constructing
packets using libsecondlife.Packets.Transfer.AssetUploadRequest() and
implementing their own method of uploading that doesn't follow the
current protocol. If we were to purposely leave part of the protocol
(the sending money to uuid 0) unimplemented and leave it up to client
authors to implement it themselves, the library would be putting authors
and end users in danger.
From brief chats with the LL devs, I get the impression that if this
were a trivial fix it would have been done on day one when they were
aware of the potential exploit. Charging for uploads appears to be
something that was hacked on to the protocol at some point in time, and
would need some real time devoted to doing it properly. I doubt the hole
will be present for a long time, but I'm thinking it's here to stay for
the short and possibly mid term.
John
_______________________________________________
libsecondlife-dev mailing list
libsecondlife-dev@gna.org
https://mail.gna.org/listinfo/libsecondlife-dev
