Proposal: Verify ASA Ownership for Pull Requests #308

Open
AlgoVegas opened this issue Feb 8, 2022 · 2 comments

@AlgoVegas
Contributor

Is there any plan to verify ASA ownership for pull requests? Currently it seems to be run on trust that someone won't attempt to upload an incorrect/unauthorised logo for another ASA.

A solution such as a signed message could be used. E.g. I open a pull request, I commit my logo(s), I create a signed message including the previous commit ID, I commit the signed message to the PR.

Take my PR 301 as an example. My commit ID is e61c5dbd9180cd6a97608725bf23735d3b72cbc7. To verify ownership I can now sign a message which includes the commit ID using my Algorand address private key:

```json
{
	"msg": {
		"asa": "540605589",
		"commit": "e61c5dbd9180cd6a97608725bf23735d3b72cbc7"
	},
	"addr": "VEGASPDWGUX2KTFFJFVZ6IE7TPSY4NVFVOKHXZGBBERXNF3JOWOZB2PZPU",
	"sig": "s6pDjIsm9ChW+UQh58XyKqfYSxeO21VWlAvcBDyeuxt4Gpzdxx1ktLSx6eNEwvCr1AXOe\/1x1vVlQ315m8aQBQ=="
}
```

To verify we take the following steps:

  1. Verify msg, addr and sig are present
  2. Verify asa and commit are present inside msg object
  3. Verify addr is the owner of msg.asa using an indexer API
  4. Verify signature
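
The four verification steps above, implemented in Go as an added example (not part of the original issue or the project's code). Assumptions: the signature covers the bytes "MX" followed by the raw `msg` object (the prefix the Algorand SDKs' sign-bytes helpers prepend), `creatorOf` is a hypothetical hook standing in for the indexer lookup, and `msg.commit` is compared with the commit ID read from the PR itself so a proof cannot be reused elsewhere. The values in `main` are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/base32"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// addrOf encodes a key as an Algorand address: base32(key || last 4 bytes of SHA-512/256(key)).
func addrOf(pub []byte) string {
	sum := sha512.Sum512_256(pub)
	return b32.EncodeToString(append(append([]byte{}, pub...), sum[28:]...))
}

// VerifyProof runs steps 1-4. wantCommit is read from the PR, not from the proof;
// creatorOf is a hypothetical stand-in for the indexer lookup of the ASA owner.
func VerifyProof(doc []byte, wantCommit string, creatorOf func(asa string) string) error {
	var p struct{ Msg json.RawMessage; Addr, Sig string } // Msg stays raw: those exact bytes are checked
	var m struct{ Asa, Commit string }
	if json.Unmarshal(doc, &p) != nil || len(p.Msg) == 0 || p.Addr == "" || p.Sig == "" {
		return errors.New("step 1: msg, addr and sig are required")
	}
	if json.Unmarshal(p.Msg, &m) != nil || m.Asa == "" || m.Commit != wantCommit {
		return errors.New("step 2: msg needs asa and the commit ID of this PR")
	}
	if creatorOf(m.Asa) != p.Addr {
		return errors.New("step 3: addr does not own msg.asa")
	}
	raw, _ := b32.DecodeString(p.Addr)
	sig, _ := base64.StdEncoding.DecodeString(p.Sig)
	// Assumption: the signed bytes are "MX" followed by the raw msg object.
	if len(raw) != 36 || addrOf(raw[:32]) != p.Addr || !ed25519.Verify(raw[:32], append([]byte("MX"), p.Msg...), sig) {
		return errors.New("step 4: bad address checksum or signature")
	}
	return nil
}

func main() { // constructed sample: all-zero test seed, made-up ASA ID and commit
	key := ed25519.NewKeyFromSeed(make([]byte, 32))
	msg, addr := `{"asa":"1","commit":"c0ffee"}`, addrOf(key[32:])
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(key, []byte("MX"+msg)))
	doc := `{"msg":` + msg + `,"addr":"` + addr + `","sig":"` + sig + `"}`
	fmt.Println(VerifyProof([]byte(doc), "c0ffee", func(string) string { return addr }))
}
```

Keeping `msg` as raw bytes avoids re-serialising the JSON before verification, which would break the signature whenever key order or whitespace differs from what the submitter signed.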

@scholtz
Contributor

scholtz commented Jun 24, 2022

I like this, and I think it would be great if there were some JSON describing the project, listing project links and so on.

Also, I would like to see the same thing for testnet tokens or other Algo co-chain tokens.

@Raaawrbear
Contributor

I was wondering the same thing; some verification of the creator account address does seem like a great idea.
