I got to say this worries me too. Not the fact that Gnash exists, of course not, but that its developers could (potentially) dilute the quality of the platform by introducing something that's arguably less secure than the 'real' Flash Player.
I think we have discussed the legality of an open source Flash Player once before... Can someone remind me what the outcome of that discussion was? If I put myself in Adbobe shoes for a moment and consider the amount of time and money spent on building the Player and getting the platform to the stage it is at now then I would be *very* worried about an open source Player which possibly (and maybe knowingly) opens crossdomain doors. It would not matter that only 0.001% of users run such a Player - it's very existence would concern me. I think some developers seriously underestimate the amount of work that has gone into this platform and how easy it would be to cause damage to it. It's one thing to build a compiler, it's quite another to build a Player. Much greater responsibility lies with the latter. Stefan > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alias > Sent: 30 January 2006 20:57 > To: Open Source Flash Mailing List > Subject: [osflash] [Slightly OT] Gnash & the security model > > Hi guys, > > I've been lurking on the Gnash mailing list for a while, but > felt compelled to speak out when the discussion turned to the > security model. > > Currently, there's talk about completely disregarding the > crossdomain security policy in the Gnash player, leaving > Gnash wide open to crossdomain scripting attacks. I'm just > wondering how people feel about this... > > Although Gnash is a minor concern now, there is also movement > from the mozilla foundation towards bundling it with Firefox, > which could mean massive uptake of the player. This could > concievably give it leverage as an alternative (or default) > install of the flash player. > > How do people feel about this? I'm definitely happy about the > existence of Gnash, but I'm worried about the potential for > abuse should the security precautions be discarded, and, more > significantly, about the potential for fragmentation of the platform. > > So my question is this - what would be the likely > consequences, to the flash ecosystem, sould an alternative > flash compatible platform gain, say (hypothetically) 20% of > the market? How likely would this be to change the way you > author flash content? Does it seem like a major concern? What > if the two versions were not functionally identical? I feel > that this could be detrimental to everyone. > > Just speculating, > Alias > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
