[sldev] [META] Formal critique of new auth mechanism?

Rob Lanphier robla at lindenlab.com
Sat Sep 29 10:44:48 PDT 2007

Previous message: [sldev] [VIEWER] Authentication
Next message: [sldev] [META] Formal critique of new auth mechanism?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/29/07 8:05 AM, Dale Glass wrote:
> Nothing creates interest in alternative viewers like fixing, or at
> least working around bad ideas implemented by LL.

Alright folks, nothing here is a done deal, so here's what I really hope
happens next:

1. Let's make sure this is on the agenda of an appropriate office
hour. Since Zero's studio is involved, it probably makes the most sense
to bring it up there. I believe Zero is out of the office on Tuesday of
this week, so I'm not sure what the status of his Tuesday office hour
is, but I'm pretty sure he'll be in on Thursday. We can use the
Thursday Open Source Meeting as a venue for discussing this as well.

2. It would be really helpful if someone here volunteered to write a
formal critique, incorporating the salient points from this thread,
expanding on some of the earlier points (e.g. detail a specific example
of an XSS attack involving the proposed scheme), and providing a list of
questions that you'd most like addressed. The goal is to have something
that multiple people feel good attaching their name to; it doesn't have
to be the unanimous consensus of the list, but the more names of people
who we recognize as thoughtful contributors, the more weight it will
carry. If this can be completed in a timely manner, I'll work with the
team on a detailed response

That's not to say that the informal conversation that's happening now
can't continue, but I think the proposal above is a better path than the
one we're on to making sure the right outcome is achieved and that the
most people understand why its the right outcome. If we rely solely on
this email thread, our response is almost certainly going to be
fragmented and incomplete; we'll probably waste time responding to
points most people don't care about, miss points that everyone feels are
essential, and likely (due to human nature) respond to the weakest
expression of the strongest points. Proposals for alternate process are
also welcome.

Rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070929/d5b72dcd/signature.pgp

Previous message: [sldev] [VIEWER] Authentication
Next message: [sldev] [META] Formal critique of new auth mechanism?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list