Features/Signed Bundles

From Sugar Labs
< Features
Revision as of 07:42, 1 October 2009 by Wade (talk | contribs) (Created page with '<noinclude>{{GoogleTrans-en}}{{TOCright}}</noinclude> == Summary == Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, …')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Summary

Signed bundles are bundles which have been cryptographically signed to verify the identity of their creator, or for other purposes. The specification was written by OLPC but never fully implemented.

Owner

This feature is looking for someone to adopt it.

Current status

  • Targeted release:
  • Last updated:
  • Percentage of completion: 10%

Detailed Description

See olpc:Contents_manifest_specification

Benefit to Sugar

Signed bundles would allow deployments to ensure that bundles were created by

Scope

The signing tools are available at http://dev.laptop.org/git/projects/olpc-contents/

Support for parsing the format, maintaining "root keys", and displaying the keys via some user interface would need to be implemented into Sugar.

How To Test

Features/Signed Bundles/Testing

User Experience

This needs to be fleshed out. But, when a bundle is signed the user would likely see some information in the Journal indicating who signed it.

Dependencies

Contingency Plan

We could switch from .xo to .rpm or another format with built in support for signing.

Documentation

Release Notes

Comments and Discussion


You can add categories to tie features back to real deployments/schools requesting them, for example [[Category:Features requested by School Xyz]]