Luke, Take a look at how mozilla handles content at addons.sugarlabs.org. They have pretty sane way of handling the issue.
The eclipse.org ecosystem has a more ridged yet fairly usable control mechanism. David On Mon, Feb 9, 2009 at 12:04 PM, Luke Faraone <l...@faraone.cc> wrote: > Walter, (cc'd to list) > > There was a recent discussion on #sugar about how to handle authentication > and signatures for library and activity bundles. One of the models we > considered which is most attractive from a ease-of-use and technical > standpoint is that of a centralized "Sugar Labs signing authority" which > would give trusted developers the ability to digitally sign activities > posted on addons.sl.o as Untampered, Safe, and Trusted. > > This is a Good Thing(tm), because it allows the user to verify that his > documents are not modified in transit, that they are fairly accurate, > etcetera. > > It may pose as a legal liability for Sugar Labs, however, as Ivan pointed > out: Chains of trust represent also a chain of legal liability, and whoever > is on top is painting a giant "sue me" target on their back if anyone below > screws up, gives incorrect information, or information that's used > incorrectly. > > Could ask your contacts at the SFLC to assess SL's liability in this > situation? > > -- > Luke Faraone > http://luke.faraone.cc > > _______________________________________________ > IAEP -- It's An Education Project (not a laptop project!) > IAEP@lists.sugarlabs.org > http://lists.sugarlabs.org/listinfo/iaep > _______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep