The least "widely used" viewer we shared source with has about 6 users. It's honestly not a numbers game, which is why Rob said "widely available," not "widely used." We were reaching out to known viewer maintainers in advance of a full public source disclosure in order to reduce the chance of the information being misused.
Working with distributions to prep a fix before full source disclosure is common with open source projects, from the Linux kernel to the most popular ssh, network filesystem and office projects. If you have suggestions for refining the process, please - speak up. But I doubt any of us would advocate dumping a future exploit in the wild before we've even started QA on the fix. On Wed, Oct 8, 2008 at 5:54 AM, Gareth Nelson <[EMAIL PROTECTED]> wrote: > Personally i'd be rather more worried about this attitude of "you must > have a widely-used alternative viewer to get this apparently vital > security update". They aren't telling people it's ok to violate the > GPL as-such, since I doubt they'll allow it after this incident. > > How many users must an alternative viewer have before it becomes > eligible for security updates? > > On Tue, Oct 7, 2008 at 10:14 PM, Jason Giglio <[EMAIL PROTECTED]> wrote: >> Tateru Nino wrote: >>> I think the intention was for the binaries to be redistributable, as a >>> special exception - though the source availability would obviously be >>> delayed a day or so. A quick email should sort that out for sure, though. >> >> If Linden Lab is giving people permission to violate the GPL by >> releasing binaries without source, then that is more of a big deal than >> the delay. Many contributors would be unhappy with that situation. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
