Soft wrote:
On Wed, Oct 8, 2008 at 6:28 AM, Anders Arnholm <[EMAIL PROTECTED]> wrote:
Yes. That was not intentional. A well-intended dev edited the release
notes, which should only be maintained by a member of the release
team. That shouldn't repeat.
Personally I think that was good, made
On Wed, Oct 8, 2008 at 6:28 AM, Anders Arnholm <[EMAIL PROTECTED]> wrote:
>
> In this case I have to object, the details on how to write the exploit were
> in the release note.
Yes. That was not intentional. A well-intended dev edited the release
notes, which should only be maintained by a member o
We're in the process of roughing out something like that exactly.
These are my meeting notes from a discussion we held about this. This
is draft only, not set policy. Again, feedback is welcome:
* Security release
** How do we want to handle security source releases in the future?
** Ideal process
Soft wrote:
The least "widely used" viewer we shared source with has about 6
users. It's honestly not a numbers game, which is why Rob said "widely
available," not "widely used." We were reaching out to known viewer
maintainers in advance of a full public source disclosure in order to
reduce the
Would it not be worth considering some kind of rapid deployment program
that developers can choose to sign up to, to receive patches early
providing they've agreed to non disclosure?
This would mean that the serious developers could get the source they
need as early as possible, without having
The least "widely used" viewer we shared source with has about 6
users. It's honestly not a numbers game, which is why Rob said "widely
available," not "widely used." We were reaching out to known viewer
maintainers in advance of a full public source disclosure in order to
reduce the chance of the
Personally I'd be rather more worried about this attitude of "you must
have a widely-used alternative viewer to get this apparently vital
security update". They aren't telling people it's ok to violate the
GPL as-such, since I doubt they'll allow it after this incident.
How many users must an alte
Tateru Nino wrote:
> I think the intention was for the binaries to be redistributable, as a
> special exception - though the source availability would obviously be
> delayed a day or so. A quick email should sort that out for sure, though.
If Linden Lab is giving people permission to violate the G
On Mon, 06 Oct 2008 19:24:48 -0700, Rob Lanphier wrote:
> Clarification on source code access: We're going to delay the general
> release of the source code until tomorrow. Early access to the source
> code for this fix is available on an as needed basis to developers of
> some widely available
Anders Arnholm wrote:
> Anders Arnholm wrote:
>> To be honest the release note and the vulnerable code is what is
>> needed to make an attack code, the patch to fix it not as much. It's
>> pretty clear how to make the code as I said in the forum about this
>> release, the holding the code back only
Anders Arnholm wrote:
To be honest the release note and the vulnerable code is what is needed
to make an attack code, the patch to fix it not as much. It's pretty
clear how to make the code as I said in the forum about this release,
the holding the code back only makes it take longer till all vie
Ambrosia wrote:
Um, Gordon.
Rob said 3rd party viewer creators can contact him and ask for the
source code in advance.
Which will be released to the public tomorrow, so either way tomorrow
3rd party coders can patch the fix into the most ancient viewers there
are.
While I understand the frustr
Um, Gordon.
Rob said 3rd party viewer creators can contact him and ask for the
source code in advance.
Which will be released to the public tomorrow, so either way tomorrow
3rd party coders can patch the fix into the most ancient viewers there
are.
While I understand the frustration about no imm
So this is essentially a huge fuck you to all the third party viewer makers
and users since while I'd guess the vast majority of third party viewers are
using the old code solely for the old UI and graphics if nothing else you
have essentially told them don't bother because with one or two days not
Provided, of course, that the source code being withheld is entirely
Linden Lab code.. if the fix involved any third party source then there
might be complications.
~T
Tateru Nino wrote:
No, they hold copyright on the source code. The rest of us must comply
with the GPL as our only rights to
No, they hold copyright on the source code. The rest of us must comply
with the GPL as our only rights to access the source code. The Lab
obviously does not have that restriction, as they are the source of
copyright provenance.
Jay Reynolds Freeman wrote:
> Under the GNU license, do you have a cho
On 10/06/2008 07:49 PM, Jay Reynolds Freeman wrote:
> Under the GNU license, do you have a choice? Don't you have to
> make source available as soon as you release an application?
Linden Lab is GPL licensors, not GPL licensees, so we're not bound to
the terms of the GPL.
> (Not being so much nit-p
Under the GNU license, do you have a choice? Don't you have to
make source available as soon as you release an application?
(Not being so much nit-picky as irked: I was working on something
in a local client build and am interrupted ...)
-- Jay Reynolds Freeman
-
[EMAIL PRO
As I said, contact me if you have a widely-available viewer that you
need to patch. Contact me if you have other circumstances that make it
difficult for you to wait until tomorrow.
Rob
On 10/06/2008 07:34 PM, Thomas Grimshaw wrote:
> What is the security flaw? Is there a jira with a source patc
What is the security flaw? Is there a jira with a source patch available
for those who need a more urgent fix?
Tom
Rob Lanphier wrote:
Clarification on source code access: We're going to delay the general
release of the source code until tomorrow. Early access to the source
code for this fix
Clarification on source code access: We're going to delay the general
release of the source code until tomorrow. Early access to the source
code for this fix is available on an as needed basis to developers of
some widely available viewers (contact me for details). General source
code access sh
21 matches