Features/Signed Bundles

Summary
Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, or for other purposes. The specification was written by OLPC but never fully implemented.

Owner
This feature is looking for someone to adopt it.

Current status

 * Targeted release:
 * Last updated:
 * Percentage of completion: 10%

Detailed Description
See Contents_manifest_specification

Benefit to Sugar
Signed bundles would allow deployments to guarantee that bundles were created by the holder of specific key.

Scope
The signing tools are available at http://dev.laptop.org/git/projects/olpc-contents/

Support for parsing the format, maintaining "root keys", and displaying the keys via some user interface would need to be implemented in Sugar.

User Experience
This needs to be fleshed out. But, when a bundle is signed, the user would likely see some information in the Journal indicating who signed it.

Contingency Plan
We could switch from .xo to .rpm or another format with built-in support for signing.

Comments and Discussion

 * See |discussion tab for this feature

You can add categories to tie features back to real deployments/schools requesting them, for example Category:Features requested by School Xyz