[IAEP] Activity Authentication - Questions about legal liability
David Farning
dfarning at sugarlabs.org
Sun Feb 8 13:33:05 EST 2009
Luke,
Take a look at how mozilla handles content at addons.sugarlabs.org.
They have pretty sane way of handling the issue.
The eclipse.org ecosystem has a more ridged yet fairly usable control mechanism.
David
On Mon, Feb 9, 2009 at 12:04 PM, Luke Faraone <luke at faraone.cc> wrote:
> Walter, (cc'd to list)
>
> There was a recent discussion on #sugar about how to handle authentication
> and signatures for library and activity bundles. One of the models we
> considered which is most attractive from a ease-of-use and technical
> standpoint is that of a centralized "Sugar Labs signing authority" which
> would give trusted developers the ability to digitally sign activities
> posted on addons.sl.o as Untampered, Safe, and Trusted.
>
> This is a Good Thing(tm), because it allows the user to verify that his
> documents are not modified in transit, that they are fairly accurate,
> etcetera.
>
> It may pose as a legal liability for Sugar Labs, however, as Ivan pointed
> out: Chains of trust represent also a chain of legal liability, and whoever
> is on top is painting a giant "sue me" target on their back if anyone below
> screws up, gives incorrect information, or information that's used
> incorrectly.
>
> Could ask your contacts at the SFLC to assess SL's liability in this
> situation?
>
> --
> Luke Faraone
> http://luke.faraone.cc
>
> _______________________________________________
> IAEP -- It's An Education Project (not a laptop project!)
> IAEP at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/iaep
>
More information about the IAEP
mailing list