[sugar] Automatic transfer/update of activities on the mesh (Was: Sharing behavior in the core Read activity)
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Wed Mar 26 13:36:56 EDT 2008
>
> As I said in my previous email, Bitfrost clearly states (correctly, in
> my mind) that even justified belief that code originates from some known
> individual implies no trust relationship with that code. Period. Use
> isolation to make it safer to play with code and use signing to help
> reduce attackers' abilities to lie to you about what code you're going
> to be running.
>
If you take this to the extreme, then you would reset manually-granted
bitfrost privileges on every activity update, and even remove the default
"resume" behavior from the journal for instances of that activity (if it is
not the same code, it cannot be trusted to handle to handle the same data
without an explicit "resume with new version" choice by the user).
I think new versions which are from the same source should get an implied
trust level - the same trust as prior versions, which, in general, will be
strictly limited by Bitfrost. I think that the fact that such "same source"
may be the same corrupted source does not affect this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080326/d3c85b7e/attachment.html>
More information about the Devel
mailing list