(last updated 2007-06-07) Name : John Palmieri Email : johnp&redhat.com MIME media type name : Application MIME subtype name : Vendor Tree - vnd.olpc-sugar Required parameters : None Optional parameters : None Encoding considerations : binary This media type may require encoding on transports not capable of handling binary. Security considerations : Sugar application bundles are full source code packages which can be installed on the target machine and run. They are intended to run in sandboxes if not properly signed. If the sandboxes are not properly configured or a user opts to run untrusted code there will be a security risk as the application will have access to whatever the operating system gives to any other local application. As this format is meant for sharing activities there is little use for encryption defined in the format. This does not exclude activities from having their own encryption mechanisms and encrypting the data they ship though in such cases the keys reside within the executable and are vulnerable to reverse engineering. As for encrypting using public key encryption to share with specific users we may well define a container format in the future to deal with encrypting any data we might send. As for now encryption is not part of the discussion and anything in this format can be assumed to be publicly readable by whoever can obtain the bits. Interoperability considerations : The file format is intended to be used by the Sugar environment and Linux. Published specification : None Applications which use this media : The Sugar Linux Desktop system Additional information : 1. Magic number(s) : 0x584F 2. File extension(s) : .xo 3. Macintosh file type code : None 4. Object Identifiers: None Person to contact for further information : 1. Name : John Palmieri 2. Email : johnp&redhat.com Intended usage : Common For use with the Sugar environment and Linux. Author/Change controller : (file created 2007-06-07)