Soft skrev:
On Wed, Oct 8, 2008 at 6:28 AM, Anders Arnholm <[EMAIL PROTECTED]> wrote:
Yes. That was not intentional. A well-intended dev edited the release
notes, which should only be maintained by a member of the release
team. That shouldn't repeat.
Peronally i think that was good, made it possible to deside how
important the update was to apply, if one shoudl log out and update ort
wait for next connection or next compile.
The problem in this
case then comes with GPL, we who got the patch had to wait with releasing
the bug fix for not violating the GPL.
And that still needs to be discussed. If early limited source
disclosure becomes policy, we need to either live with having everyone
wait, or we need to find a way to allow people to release the binary
early while still complying with the licenses we offer.
It would help, but over all I don't think with holding informaition on
what the error is is a good solution, not when the fix exists, and in
this moment it does. The bad once are the fist the looks for the
problems. They don't wait for us to go over the code and find the
problems for them. With holding back the fix you don't hold back the
problem just the spead of the fix to the last users imho.
But over all the fix as clear as possible as early as possible is a good
thing there is nothing good in security by obsurity.
As repeated, that philosophy is about fortifying technology instead of
leaving holes merely because they're difficult to see. It's never been
a prescription for a project telling the world every way that it can
be hurt before taking any steps to protect itself.
Making the code available is a part of sending out the cure, over all i
think thats a better way to approct the problem. When it comes to
security I'm sure there are buffer problems caused by incoming network
traffic. I think i see an increased number of crashes when servers
behave bader, that is a typical sign of something bad in the network code.
I wish i had time to dive into that part of the code, how ever RL coding
takes to much time at the moment. Sadly no-one pay's me to hack SL code...
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/SLDev
Please read the policies before posting to keep unmoderated posting privileges
