This discussion seems to have been created with misleading intentions. Because some TPV creators don't want to reveal any personal information about themselves, they can't be posted on the TPV directory, and because of this, it's understandable they might view the directory as unfair. But, this doesn't strike me as a valid reason to criticize the list.
It's certainly valid to say that the viewers on the list are not absolutely trustworthy unless a full code audit is done, but even then, do you really know that what's in the code is the same as what's in the binary? Isn't there a limit to what LL can do, given a lack of resources to perform such audits, especially when what you download requires trust that it's the same as what they've audited? But really, trust is supposed to be provided by the fact that the viewer has indeed registered using real-life contact information, because who would give such a thing knowing they could be held liable if they indeed decided to include malicious code? In general, there is no way to certify purity here, you can only provide a level of trust as a guideline. You can't rely on babysitting the users, because LL isn't going to compile every third party's code and release the binaries themselves. In this regard, you may begin to argue that indeed, a blacklist would better serve users. I argue that this is exactly the opposite. You may be able to pick out which viewers are explicitly untrusted, but you make no statements about the trustworthiness of any others. In this situation, a user is left to choose between either a viewer which is in the grey about its status, or an official Linden viewer. This point is key, as far less warranty is provided for users that they won't be banned for using a third party viewer. I suspect that in this case, many would simply give up and use the official client rather than risk their business, etc. If you want to provide a system where users can trust the clients they use, it seems like our current one is decent enough. In any case, a blacklist doesn't appear to be any safer. Discrete On Thu, Apr 29, 2010 at 4:02 PM, Tigro Spottystripes < tigrospottystri...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > the disclaimer instead of being hidden in small print in the bottom > should be the first thing in the page, in big bold red font, to at least > start helping users be less confused about how much trust they should > put on the viewers listed > > On 29/4/2010 16:35, Kitty wrote: > > > > > ------------------------------------------------------------------------ > > *From:* opensource-dev-boun...@lists.secondlife.com > > [mailto:opensource-dev-boun...@lists.secondlife.com] *On Behalf Of > > *Ron Festa > > *Sent:* Thursday, April 29 2010 20:27 > > *To:* Henri Beauchamp > > *Cc:* opensource-dev@lists.secondlife.com > > *Subject:* Re: [opensource-dev] Viewer blacklist to replace the TPV > > directory ? > > > > Despite claiming the list is Self-Certified those viewers on the > > list still had to have their viewer reviewed by LL before being > > listed so really all the TPV's on the TPV Directory are Certified by > > LL ensuring they comply with their standards & policies. > > > > - release a viewer that's the LL source + a handful of innocent patches > > - apply for the directory and get listed > > - release a new viewer > > > > The last step doesn't invalidate the current listing as far as I know so > > I really don't see how the viewer directory could possibly be stamped as > > "reviewed by LL" by any stretch, let alone go as far as claiming that > > they're "certified by LL" as compliant. > > > > Since the reason for the directory is really end-user assurance the > > viewer directory doesn't really work in that sense because it doesn't > > actually offer much: LL still reserves the right to ban anyone just for > > using any third party viewer (whether listed or unlisted). > > > > With all the threatening (whether intended or not) language in blog > > posts or emails a lot of people are going by the assumption that > > "listed" means "I won't get banned" or that it means > > "approved/sanctioned/verified/vouched for by LL" but that's just not the > > case. It would be a lot better for any resident wanting to use any third > > party viewer to at least know that if they go by the list that their > > account isn't in jeopardy (no matter how unlikely a ban might be) for as > > long as that viewer is listed. > > > > For better or worse the perception that the viewer directory is a > > "safelist" is already there now, in spite of any disclaimers on that > > same page, and it's too late to still reverse that. Personally it seems > > best if the directory just officially became a "safelist". If a > > malicious viewer ever makes the list then that wouldn't > > undermine people's trust in any other listed viewer because LL would > > guarantee that any viewer they list is indeed "safe" in the sense that > > noone can be banned for using it, even if they accidentally list one > > that turns out to not comply (which can just simply be delisted and > > blocked at that point to prevent continued use since it would have its > > own channel or it shouldn't have ever made the list to begin with). > > > > Kitty > > > > > > > > _______________________________________________ > > Policies and (un)subscribe information available here: > > http://wiki.secondlife.com/wiki/OpenSource-Dev > > Please read the policies before posting to keep unmoderated posting > privileges > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEAREKAAYFAkvZ5b0ACgkQ8ZFfSrFHsmW2qACfX+C047g0mquAzOKhsYeiOYc+ > PFcAnRlvisG+GVzj02nF54BovwOd3Sax > =hpvO > -----END PGP SIGNATURE----- > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges >
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
