On 3/25/20 1:58 PM, Mark Waddingham via use-livecode wrote:
However there are two rules which must be followed:
1) Downloaded code must not allow the app to access any more system
provided APIs that it could before.
2) Downloaded code must not allow the app to 'morph' (as Richard put
it) into something even slightly unrelated to what it was at the point
of review; nor should it add significantly different features
(particularly in terms of UI).
In practice conforming to (1) is easy - you aren't allowed to download
LCB extensions, loading them at runtime, which use FFI to access system
functions.
My reading of 1) is that LCB extensions that use FFI are allowed as long
as they don't expand the attack surface by introducing new system api
calls that the app doesn't already use.
But then I'm not in a position to make, review, or enforce those rules.
--
Mark Wieder
ahsoftw...@gmail.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
