[OLPC Security] Developer Key
Simson Garfinkel
simsong at acm.org
Thu Feb 22 08:09:32 EST 2007
Last summer we discussed that all XOs to have self-signed keys and
for them to use this to sign code that students write. I don't know
how far along the implementation of this has gone.
On Feb 22, 2007, at 1:16 AM, Stephen Thorne wrote:
> On 2/22/07, Matt Anderson <mra at malloc.org> wrote:
>> ... This self-signed key would allow XO
>> students to sign applications that they've developed and allow those
>> that use these programs to have some degree of certainty as to who's
>> programs they are running....
>
> This is an interesting idea for the social aspects of the project, but
> I fear that calling it anything that could be confused with the
> "Unlock everything and break your XO and let it get stolen and sold on
> ebay" "developer key" would be a mistake.
>
> There is a security side to this - being able to have a web of trust
> of software authors. It's something that will play a role in the
> Develop activity. Andrew Clunis may have some ideas here. I believe
> he's planning to use bzr, which has the ability to sign patches.
>
> Develop Resources:
> http://wiki.laptop.org/go/Develop
> http://orospakr.is-a-geek.org/olpc
> http://bazaar-vcs.org/
>
> --
> Stephen Thorne
>
> "Give me enough bandwidth and a place to sit and I will move the
> world."
> --Jonathan Lange
> _______________________________________________
> Security mailing list
> Security at laptop.org
> http://mailman.laptop.org/mailman/listinfo/security
>
More information about the Security
mailing list