On 29/12/2010 3:12 AM, Robin Cornelius wrote: > On Tue, Dec 28, 2010 at 4:05 PM, Tateru Nino<tateru.n...@gmail.com> wrote: > >>> So that avoids 2.e >> I'd be more concerned about capabilities URIs, myself. The login >> credentials are only the front-gate. >> > Thats absolutly true, and it would be trivial to inject a pay packet > or any other packet into the data stream. But its probably far far > easier to place malicious code in a TVP binary. So unless you are > going to download the source to a TPV and diff it against LL code > base, then compile yourself (ensuring all dependencies are also > provided by LL/built by yourself), are you really any more at risk? , > i'm just being a bit of a devils advocate here, my first comments were > a literal comparison of if they met the TPV rules for listing. Ultimately it all comes down to trust, yes - regardless of who provides the application.
-- Tateru Nino http://dwellonit.taterunino.net/ _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
