Is there any plan to verify ASA ownership for pull requests? Currently it seems to be run on trust that someone won't attempt to upload an incorrect/unauthorised logo for another ASA.
A solution such as a signed message could be used. E.g. I open a pull request, I commit my logo(s), I create a signed message including the previous commit ID, I commit the signed message to the PR.
Take my PR 301 as an example. My commit ID is e61c5dbd9180cd6a97608725bf23735d3b72cbc7. To verify ownership I can now sign a message which includes the commit ID using my Algorand address private key:
```json
{
  "msg": {
    "asa": "540605589",
    "commit": "e61c5dbd9180cd6a97608725bf23735d3b72cbc7"
  },
  "addr": "VEGASPDWGUX2KTFFJFVZ6IE7TPSY4NVFVOKHXZGBBERXNF3JOWOZB2PZPU",
  "sig": "s6pDjIsm9ChW+UQh58XyKqfYSxeO21VWlAvcBDyeuxt4Gpzdxx1ktLSx6eNEwvCr1AXOe\/1x1vVlQ315m8aQBQ=="
}
```
To verify we take the following steps:
- Verify msg, addr and sig are present
- Verify asa and commit are present inside msg object
- Verify addr is the owner of msg.asa using an indexer API
- Verify signature
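
The steps listed above, as an added Node.js example; it is not code from the post or from the repository. It assumes the signature is plain Ed25519 over the compact JSON encoding of `msg`, uses a hypothetical `ownerOf` callback in place of the indexer query, and goes slightly beyond the list by checking the address checksum and comparing `msg.commit` with the commit the pull request actually contains.

```javascript
const crypto = require('crypto');

// Decode an Algorand address, base32(pubkey || last 4 bytes of SHA-512/256(pubkey)),
// and return the 32-byte Ed25519 public key after checking the checksum.
function addrToKey(addr) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  if (!/^[A-Z2-7]{58}$/.test(addr)) throw new Error('malformed address');
  const bits = [...addr].map(c => alphabet.indexOf(c).toString(2).padStart(5, '0')).join('');
  const raw = Buffer.from(bits.match(/.{8}/g).map(b => parseInt(b, 2)));
  const sum = crypto.createHash('sha512-256').update(raw.subarray(0, 32)).digest();
  if (!sum.subarray(28).equals(raw.subarray(32))) throw new Error('address checksum mismatch');
  return raw.subarray(0, 32);
}

// Returns null when the proof is accepted, otherwise the reason for rejecting it.
// prCommit: commit ID the pull request actually contains.
// ownerOf:  hypothetical callback standing in for the indexer lookup (asa -> address).
function verifyProof(doc, prCommit, ownerOf) {
  try {
    const { msg, addr, sig } = JSON.parse(doc);
    if (!msg || !addr || !sig) return 'msg, addr and sig are required';
    if (!msg.asa || !msg.commit) return 'msg.asa and msg.commit are required';
    if (msg.commit !== prCommit) return 'proof was signed for a different commit';
    if (ownerOf(msg.asa) !== addr) return 'addr is not the owner of msg.asa';
    // Assumption: the signature covers this compact JSON encoding of msg.
    const signed = Buffer.from(JSON.stringify({ asa: msg.asa, commit: msg.commit }));
    // Wrap the raw key in the fixed Ed25519 SubjectPublicKeyInfo header for Node.
    const spki = Buffer.concat([Buffer.from('302a300506032b6570032100', 'hex'), addrToKey(addr)]);
    const key = crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
    const ok = crypto.verify(null, signed, key, Buffer.from(sig, 'base64'));
    return ok ? null : 'signature does not verify';
  } catch (err) {
    return err.message;
  }
}
```

Because the commit ID is inside the signed bytes, a proof copied into a different pull request fails the commit comparison, and editing `msg` to match breaks the signature.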