> That means that until either the QuickTime media handler or Quartz
> Composer itself are redesigned to catch this stuff, then leaving it
> enabled means Apple has to face articles with phrases like, "The latest
> security issue allows maliciously-crafted QuickTime movies to crash the
> applications that play them, potentially losing your data. The company,
> when asked for comment, could say only that developers were over 18 and
> could make their own decisions about what risks to accept."
No that's nonsense. A Qtz file is treated as an application by the OS. It will not
autoplay, it can't be embedded in a webpage. When you download them you are prompted
"this file contains an application do you want to continue".
So .qtz files are already protected from malicious distribution by all the standard OS tools
that stop you accidently running a trojan from the internet. There is absolutely no reason to
sandbox them as they are in effect applications.
It's like removing pointers from C because you can use them to cause a memory overrun....
I agree qtzs saved as .mov files should be sandboxed but not actual qtz files or quartz
composers patches embedded in a cocoa app.
The problem here is that QC is trying to be too many things at once, a live interactive media
layer flash replacement and a modular graphics layer for applications. They need to be
seperated.
Roger
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Quartzcomposer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/quartzcomposer-dev/email@hidden
This email sent to email@hidden
