Walter, (cc'd to list) There was a recent discussion on #sugar about how to handle authentication and signatures for library and activity bundles. One of the models we considered which is most attractive from a ease-of-use and technical standpoint is that of a centralized "Sugar Labs signing authority" which would give trusted developers the ability to digitally sign activities posted on addons.sl.o as Untampered, Safe, and Trusted.
This is a Good Thing(tm), because it allows the user to verify that his documents are not modified in transit, that they are fairly accurate, etcetera. It may pose as a legal liability for Sugar Labs, however, as Ivan pointed out: Chains of trust represent also a chain of legal liability, and whoever is on top is painting a giant "sue me" target on their back if anyone below screws up, gives incorrect information, or information that's used incorrectly. Could ask your contacts at the SFLC to assess SL's liability in this situation? -- Luke Faraone http://luke.faraone.cc
_______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep