[sldev] OpenID & SSL certificates

Ryan McDougall ryan at ngigroup.com
Mon Oct 1 20:05:00 PDT 2007

Previous message: [sldev] OpenID & SSL certificates
Next message: [sldev] OpenID & SSL certificates
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2007-10-01 at 21:38 -0500, Argent Stonecutter wrote:
> 
> If you have a compromised SL viewer you don't have to attack  
> anything. You already have the golden ring, you've won. 

Actually I thought the goal was to protect the user's valuables,
specifically L$, but also his in game assets.

> And at the same time you're requiring me, if I want  
> to download the source and build my own copy of the SL client to  
> connect to SL, to go through certification rigamarole every time I do  
> a test run?

Only if you care if your users get told that they may be running an
unknown viewer. If you care and have a large user base, you download GPG
and create a key, then publish it -- that simple. All the linux distros'
package security currently works like this. If you run an unsigned RPM,
you get a warning, caveat emptor.

Cheers,

Previous message: [sldev] OpenID & SSL certificates
Next message: [sldev] OpenID & SSL certificates
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list