On 15 March 2011 11:01, Ed McNierney <e...@laptop.org> wrote: > Sridhar - > > Yes, that's correct. Multiple valid keys weakens security, since the same > rights can be obtained from multiple sources. > > Handling your own key-issuing authority is something we fully support, but it > is a complex and substantial undertaking. It requires a reasonable > commitment to both initial and ongoing staffing infrastructure on your end. > I won't advise you not to consider it, but if you're considering it you > should take it very seriously. > > That is particularly true if you are interested in replacing OLPC's various > keys with your own (rather than adding to them). If you do so you can get > yourself into situations in which no one else can help you. The very > well-organized and professional team at Plan Ceibal (who replace OLPC's keys > with their own) have had a few difficulties in the field. It's also > important to realize that you'll need to provide support to Quanta's > manufacturing team. Sometimes laptops require reworking due to test > failures, and that can require them to be unlocked; if they're not using > OLPC's keys you'll have to be able to provide those keys yourself.
Thanks for that, Ed. At this point, we are having our deployment keys applied to XOs in the factory and field in addition to the standard OLPC keys. Our XOs are not developer locked, but I'm creating the option to lock them later on should the situation ask for it. It likely will be quite a while before we seriously consider it. Sridhar _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
