[Etoys] Key generation

[Bert Freudenberg]

Well, Michael is a bit unsure ;-)

The key might still be in use for signing projects when publishing.  
If you download a project that was signed with your own key, the  
sandbox is not switched on. So having a single key for all users  
would be bad, because everyone would be trusted. Having no key means  
everyone would be distrusted, which is what we want I think.

We would have to test if projects are still interchangeable between  
machines with and without key (remember to remove the key from the  
secure directory). It might be that some file offset changes if the  
key is taken out.

- Bert -

Am 20.10.2006 um 14:05 schrieb Scott Wallace:

> I'll ask Andreas about this later today.
>
> Meanwhile, perhaps Bert could speak with Michael about it as well.
>
> Couldn't hurt to have the advice of the world's two leading  
> authorities on this subject...
>
> Cheers,
>
>   -- Scott
>
>
> On Oct 19, 2006, at 1:32 PM, Yoshiki Ohshima wrote:
>
>>> Anyway... it appears that disabling the #automaticKeyGeneration
>>> preference keeps the key-generation from happening at start-up, yet
>>> still allows publishing and loading projects, and still uses  
>>> MySqueak
>>> as the default directory.  Maybe that's all that's needed.
>>
>>   I would think so.  Did you try to load a project published from an
>> image in a directory into another image in another directory?
>>
>>> Or perhaps, for this build, would it make sense simply to include a
>>> pre-built squeak.keys file alongside the image, and not otherwise
>>> tamper with the security settings?
>>
>>   Yeah, I thought about this but I think it adds unnecessary
>> complication.
>>
>> -- Yoshiki
>> _______________________________________________
>> Etoys mailing list
>> Etoys at laptop.org
>> http://mailman.laptop.org/mailman/listinfo/etoys
>
> _______________________________________________
> Etoys mailing list
> Etoys at laptop.org
> http://mailman.laptop.org/mailman/listinfo/etoys