Hello,
I am using composedb and I was wondering if is there any risk making public the created composites (created using my private key) in a repository, in order to let the users/developers use these composites to deploy these to their local ceramic nodes and index information with these local ceramic nodes (risk in terms of information as I saw the json has information like signature, protected, link…).
Thanks a lot!
Making a composite public is an act we only encourage. When you share a composite, other developers can re-use the same data models on their nodes.
While creating a composite, you sign some bytes with your private key. The signature becomes part of the composite. signature, protected, link - are effectively parts of the signature, made in DAG-JWS format.
The private key is at your full possession at all times, and is not leaked through composite. The signature can not leak the private key. So, making a composite public is a safe and encouraged act.