I make a distinction between game and engine code, a framework or engine has a higher responsibility to stay secure due to a much larger userbase (and thus a larger propagation of said bug)CuteAlien wrote:*sigh* I should have quoted. My whole post was more or less about this:I was only mentioning mods at end. And yes - they are a security problem. But they are that in most games really. If you install any game-mods you are usually putting yourself at risk (you have no chance knowing which games might actually have cared more or less about security as there are no public security reviews for games so far to my knowledge). But sure, it's nice if people made them more secure and we should help out when we canAny game let's you use custom models by simply replacing a model, so technically any irrlicht powered game is vulnerable to such an exploit
However, as with any philosophy there's need not be one correct answer - it's all coding religion really, some swear by OOP, others condemn it. Some swear by GC, other's don't. Some swear by safe code, other's throw caution to the wind.
Fair enough, that's why I volunteered to at least attempt to 'fix' these loaders.CuteAlien wrote:And in our case it's not really a philosophy thing. It's simply that we got lots of loaders written by lots of people - none of which are still active working at Irrlicht. We don't have the manpower and/or knowledge to do security reviews.