Features/Signed Bundles
Summary
Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, or for other purposes. The specification was written by OLPC but never fully implemented.
Owner
This feature is looking for someone to adopt it.
Current status
- Targeted release:
- Last updated:
- Percentage of completion: 10%
Detailed Description
See olpc:Contents_manifest_specification
Benefit to Sugar
Signed bundles would allow deployments to ensure that bundles were created by
Scope
The signing tools are available at http://dev.laptop.org/git/projects/olpc-contents/
Support for parsing the format, maintaining "root keys", and displaying the keys via some user interface would need to be implemented into Sugar.
How To Test
Features/Signed Bundles/Testing
User Experience
This needs to be fleshed out. But, when a bundle is signed the user would likely see some information in the Journal indicating who signed it.
Dependencies
Contingency Plan
We could switch from .xo to .rpm or another format with built in support for signing.
Documentation
Release Notes
Comments and Discussion
You can add categories to tie features back to real deployments/schools requesting them, for example [[Category:Features requested by School Xyz]]