[sugar] Activity signing

MBurns maburns
Sat Mar 31 19:04:17 EDT 2007


The OLPC public key will be pre-installed on the laptop. This lets a child
know that a new build is official, and can be trusted. The say is true of
each parent country, their public key(s?) will be pre-installed for safe
verification of content.

When a child writes/forks an activity, they are able to share that over the
mesh to only their friends initially (or rather, that the automatic
distribution happens that way, am I mistaken?). Since public/private keys
are done from boot, it is logical to assume that each activity released over
the mesh would be signed by the child that wrote it, as well.

Couple questions:

A child installs/accepts another child's public key when they become
friends, yes?
How do non-local developers get their keys deployed easily. For instance,
the Open Source Lab has worked on activities, and will continue to.
Something like "Watch & Listen" might be signed by OLPC (or not), but less
common/official activities likely won't be. How would children be able to
accept the Lab's key, to streamline the process? Is it on the first-run of
an OSL-signed activity? Are general developers (not official, not personal
friends of a user) not going to sign their keys by default?

-- 
Michael Burns * Open Source Lab
    Oregon State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.laptop.org/pipermail/sugar/attachments/20070331/c5e27f03/attachment.html


More information about the Sugar-devel mailing list