[OLPC Security] Developer Key
Matt Anderson
mra at malloc.org
Thu Feb 22 11:47:50 EST 2007
So then do you think this is outside the scope of the Bitfrost spec?
It seems to me that for the purposes of authentication that it is
something that should be covered by a security spec.
-matt
On Thu, Feb 22, 2007 at 08:09:32AM -0500, Simson Garfinkel wrote:
> Last summer we discussed that all XOs to have self-signed keys and
> for them to use this to sign code that students write. I don't know
> how far along the implementation of this has gone.
>
> On Feb 22, 2007, at 1:16 AM, Stephen Thorne wrote:
>
> >On 2/22/07, Matt Anderson <mra at malloc.org> wrote:
> >>... This self-signed key would allow XO
> >>students to sign applications that they've developed and allow those
> >>that use these programs to have some degree of certainty as to who's
> >>programs they are running....
> >
> >This is an interesting idea for the social aspects of the project, but
> >I fear that calling it anything that could be confused with the
> >"Unlock everything and break your XO and let it get stolen and sold on
> >ebay" "developer key" would be a mistake.
> >
> >There is a security side to this - being able to have a web of trust
> >of software authors. It's something that will play a role in the
> >Develop activity. Andrew Clunis may have some ideas here. I believe
> >he's planning to use bzr, which has the ability to sign patches.
> >
> >Develop Resources:
> >http://wiki.laptop.org/go/Develop
> >http://orospakr.is-a-geek.org/olpc
> >http://bazaar-vcs.org/
> >
> >--
> >Stephen Thorne
> >
> >"Give me enough bandwidth and a place to sit and I will move the
> >world."
> > --Jonathan Lange
> >_______________________________________________
> >Security mailing list
> >Security at laptop.org
> >http://mailman.laptop.org/mailman/listinfo/security
> >
>
>
More information about the Security
mailing list