Hi, * Uwe Hermann <uwe@hermann-uwe.de> [2007-01-10 18:18]: > On Tue, Jan 09, 2007 at 11:51:24PM +0100, Nico Golde wrote: > > * Marcos Daniel Marado Torres <Marcos.Marado@sonae.com> [2007-01-09 17:36]: > > > Second Life is a popular graphical online virtual world by Linden Lab. > > > > > > Linden Lab is making the source code for the Second Life Viewer (how > > > they call the client) available to everyone, licensed as GPL with one > > > exception. > > > > Dont package this unless you want a bunch of RC bugs, its > > highly insecure. For a few details > > look: > > http://blog.fefe.de/?ts=bb5cad1f > > Sorry its in german but if you look at the code examples it > > should be clear. > > Yeah, well. Sure the code should be fixed and secured (which will > probably happen in the future now the code is open). Hopefully! > But honestly, we already have tons of similarly insecure code in Debian, > I wouldn't use this as a reason not to package it... In this case it would be possible to write a script which wates for the package entering the archive and filing lots of RC bugs so at least it should be worth the effort to patch the bugs before uploading. Anyway there is no policy for this, do what you are comfortable with and just keep the bugs in mind. > A note in README.Debian warning the users and/or listing ways to > mitigate the risks would be good, though. Good idea. Kind regards Nico -- Nico Golde - http://www.ngolde.de JAB: nion@jabber.ccc.de - GPG: 0x73647CFF Forget about that mouse with 3/4/5 buttons, gimme a keyboard with 103/104/105 keys!
Attachment:
pgpygm8ql0SrX.pgp
Description: PGP signature