[IAEP] Activity Authentication - Questions about legal liability

Luke Faraone luke at faraone.cc
Sun Feb 8 13:04:11 EST 2009

Walter, (cc'd to list)

There was a recent discussion on #sugar about how to handle authentication
and signatures for library and activity bundles. One of the models we
considered which is most attractive from a ease-of-use and technical
standpoint is that of a centralized "Sugar Labs signing authority" which
would give trusted developers the ability to digitally sign activities
posted on addons.sl.o as Untampered, Safe, and Trusted.

This is a Good Thing(tm), because it allows the user to verify that his
documents are not modified in transit, that they are fairly accurate,

It may pose as a legal liability for Sugar Labs, however, as Ivan pointed
out: Chains of trust represent also a chain of legal liability, and whoever
is on top is painting a giant "sue me" target on their back if anyone  below
screws up, gives incorrect information, or information that's used

Could ask your contacts at the SFLC to assess SL's liability in this

Luke Faraone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/archive/iaep/attachments/20090208/85916c30/attachment.htm 

More information about the IAEP mailing list