[sldev] 3rd party viewer policy post on blogs.secondlife.com

[Anders Arnholm]

The big problem is whan you send your viewer out, if it should be in any
whay possible to send data to the server "HEY I'm the good viewer from
Balp. My secret is, ALLEN" The users computer have to get the secret,
The minute the user have the secret oin there own computer that can
extraxt it. Put in into there own what ever to tell the servers "HEY
I'm the good viewer from Balp. My secret is, ALLEN". This will make any
try to use this for any identifications on the LL side impossible.

A signed key for the developer could thou with great success be used to
give the user information that LL have some agreement with the person
creating this viewer.

So as a system to help users choose good viewer thisn could help.
Maybe it could help to fucos development of some viewers into makeing
features LL don't like adjusted.

For the key handeling there is already a great system called PGP, sadly
users are to bad educated to use pgp-signatures to verify the downloads.

On Wed, Oct 21, 2009 at 12:13:25PM -0200, Tigro Spottystripes wrote:
> How about somthing lke this, people who LL trust to make good viewers
> get a  key to sign their binaries, the source code as it has been
> pointed out already is tooo pliable to be trusted. Viewers that got the
> LL signature are viewers that were copiled into binary by people LL trusts.

-- 
      o_   Anders Arnholm,
 o/  /\    anders at arnholm.se
/|_, \\    http://anders.arnholm.se/
/
`
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20091021/d881450a/attachment.pgp