[sldev] [POLICY] Development by consensus (Re: Question regarding upcoming maintenance on 11/27-11/28)

Argent Stonecutter secret.argent at gmail.com
Fri Nov 23 10:17:12 PST 2007


On 23-Nov-2007, at 11:43, Ryan Williams (Which) wrote:
> I think what's being overlooked here is that Sabin wrote a followup  
> about how the team responded to the concerns expressed on the  
> mailing list.  I notice that it didn't have any replies to it, so  
> maybe people simply didn't see it?  If you read it now, it's clear  
> that the design was changed substantially in response to the  
> concerns expressed here.

I read it but waited to see what the followup in Zero's office hours  
was. If there was anything discussed there I didn't see it.

Mainly, it didn't seem to be all that different. It only addresses  
one of the four main issues that people have brought up: cross-site  
attacks.

* It still makes phishing easier by requiring people to *always* use  
a web page to log in to SL.
* It doesn't seem to address alts at all.
* It doesn't address multiple viewers.

The best thing about it is that it does say that the existing login  
mechanism will continue to work, so an alternate viewer that uses the  
existing mechanism can be created... so I suppose it will encourage  
people to use third-party viewers.


