[Etoys] Key generation
bert at freudenbergs.de
Fri Oct 20 08:46:47 EDT 2006
Well, Michael is a bit unsure ;-)
The key might still be in use for signing projects when publishing.
If you download a project that was signed with your own key, the
sandbox is not switched on. So having a single key for all users
would be bad, because everyone would be trusted. Having no key means
everyone would be distrusted, which is what we want I think.
We would have to test if projects are still interchangeable between
machines with and without key (remember to remove the key from the
secure directory). It might be that some file offset changes if the
key is taken out.
- Bert -
Am 20.10.2006 um 14:05 schrieb Scott Wallace:
> I'll ask Andreas about this later today.
> Meanwhile, perhaps Bert could speak with Michael about it as well.
> Couldn't hurt to have the advice of the world's two leading
> authorities on this subject...
> -- Scott
> On Oct 19, 2006, at 1:32 PM, Yoshiki Ohshima wrote:
>>> Anyway... it appears that disabling the #automaticKeyGeneration
>>> preference keeps the key-generation from happening at start-up, yet
>>> still allows publishing and loading projects, and still uses
>>> as the default directory. Maybe that's all that's needed.
>> I would think so. Did you try to load a project published from an
>> image in a directory into another image in another directory?
>>> Or perhaps, for this build, would it make sense simply to include a
>>> pre-built squeak.keys file alongside the image, and not otherwise
>>> tamper with the security settings?
>> Yeah, I thought about this but I think it adds unnecessary
>> -- Yoshiki
>> Etoys mailing list
>> Etoys at laptop.org
> Etoys mailing list
> Etoys at laptop.org
More information about the etoys-dev