[IAEP] Activity Authentication - Questions about legal liability
Luke Faraone
luke at faraone.cc
Sun Feb 8 13:04:11 EST 2009
Walter, (cc'd to list)
There was a recent discussion on #sugar about how to handle authentication
and signatures for library and activity bundles. One of the models we
considered which is most attractive from a ease-of-use and technical
standpoint is that of a centralized "Sugar Labs signing authority" which
would give trusted developers the ability to digitally sign activities
posted on addons.sl.o as Untampered, Safe, and Trusted.
This is a Good Thing(tm), because it allows the user to verify that his
documents are not modified in transit, that they are fairly accurate,
etcetera.
It may pose as a legal liability for Sugar Labs, however, as Ivan pointed
out: Chains of trust represent also a chain of legal liability, and whoever
is on top is painting a giant "sue me" target on their back if anyone below
screws up, gives incorrect information, or information that's used
incorrectly.
Could ask your contacts at the SFLC to assess SL's liability in this
situation?
--
Luke Faraone
http://luke.faraone.cc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/archive/iaep/attachments/20090208/85916c30/attachment.htm
More information about the IAEP
mailing list