[opensource-dev] Anyone playing with Android and Second Life?

[Tateru Nino]

On 29/12/2010 3:12 AM, Robin Cornelius wrote:
> On Tue, Dec 28, 2010 at 4:05 PM, Tateru Nino<tateru.nino at gmail.com>  wrote:
>
>>> So that avoids 2.e
>> I'd be more concerned about capabilities URIs, myself. The login
>> credentials are only the front-gate.
>>
> Thats absolutly true, and it would be trivial to inject a pay packet
> or any other packet into the data stream. But its probably far far
> easier to place malicious code in a TVP binary. So unless you are
> going to download the source to a TPV and diff it against LL code
> base, then compile yourself (ensuring all dependencies are also
> provided by LL/built by yourself), are you really any more at risk? ,
> i'm just being a bit of a devils advocate here, my first comments were
> a literal comparison of if they met the TPV rules for listing.
Ultimately it all comes down to trust, yes - regardless of who provides 
the application.

-- 
Tateru Nino
http://dwellonit.taterunino.net/