On 3/25/20 1:58 PM, Mark Waddingham via use-livecode wrote:
However there are two rules which must be followed:
1) Downloaded code must not allow the app to access any more system
provided APIs that it could before.
2) Downloaded code must not allow the app to 'morph' (as Richard put
it) into something even slightly unrelated to what it was at the point
of review; nor should it add significantly different features
(particularly in terms of UI).
In practice conforming to (1) is easy - you aren't allowed to download
LCB extensions, loading them at runtime, which use FFI to access system
functions.
My reading of 1) is that LCB extensions that use FFI are allowed as long
as they don't expand the attack surface by introducing new system api
calls that the app doesn't already use.
But then I'm not in a position to make, review, or enforce those rules.
--
Mark Wieder
[email protected]
_______________________________________________
use-livecode mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
