Features/Signed Bundles

From Sugar Labs
Jump to navigation Jump to search

Summary

Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, or for other purposes. The specification was written by OLPC but never fully implemented.

Owner

This feature is looking for someone to adopt it.

Current status

  • Targeted release:
  • Last updated:
  • Percentage of completion: 10%

Detailed Description

See olpc:Contents_manifest_specification

Benefit to Sugar

Signed bundles would allow deployments to guarantee that bundles were created by the holder of specific key.

Scope

The signing tools are available at http://dev.laptop.org/git/projects/olpc-contents/

Support for parsing the format, maintaining "root keys", and displaying the keys via some user interface would need to be implemented in Sugar.

How To Test

Features/Signed Bundles/Testing

User Experience

This needs to be fleshed out. But, when a bundle is signed, the user would likely see some information in the Journal indicating who signed it.

Dependencies

Contingency Plan

We could switch from .xo to .rpm or another format with built-in support for signing.

Documentation

Release Notes

Comments and Discussion


You can add categories to tie features back to real deployments/schools requesting them, for example [[Category:Features requested by School Xyz]]