Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, or for other purposes. The specification was written by OLPC but never fully implemented.
This feature is looking for someone to adopt it.
- Targeted release:
- Last updated:
- Percentage of completion: 10%
Benefit to Sugar
Signed bundles would allow deployments to guarantee that bundles were created by the holder of specific key.
The signing tools are available at http://dev.laptop.org/git/projects/olpc-contents/
Support for parsing the format, maintaining "root keys", and displaying the keys via some user interface would need to be implemented in Sugar.
How To Test
This needs to be fleshed out. But, when a bundle is signed, the user would likely see some information in the Journal indicating who signed it.
We could switch from .xo to .rpm or another format with built-in support for signing.
Comments and Discussion
You can add categories to tie features back to real deployments/schools requesting them, for example [[Category:Features requested by School Xyz]]