What are users going to use to patch their viewers?
Remember, the vast majority of SL users do not compile the viewer from
source; they download it from the SL website.
On Dec 26, 2008, at 3:44 PM, [email protected] wrote:
On 26 Dec 2008, at 17:01, [email protected] wrote:
so.. for the sake of discussion.. let's assume the following discussion is true "there is a serious exploit in the current LL viewer code which will lead to disclosure of sensitive user information, compromise of systems running the client, illegal asset or funds transfer and global thermonuclear war."

if a security researcher out in the trenches discovers a vulnerability, disclosing it widely before a fix is available is clearly bad for not only Linden, but for the user community. nuclear war is generally bad for everybody...

..."telling everybody about a security vulnerability before remediation is available is bad."

I am sorry but I'm afraid that that really doesn't make the case at
all. Your post ignores any potential benefit granted to users by
knowing what an exploit is and how to counteract it before it is
once-and-for-all fixed on the server side by LL. The overall impact
is still better if users have the chance to patch and adapt before
fixes are available if fixes don't arrive almost immediately. Which
they may well not do.