Hi,
One feature that is easily addable and will certainly make installing python on vista nicer, is to add authenticode signing to the install.
I'm +1 on authenticode.
This I question very much. I experimented with authenticode before 2.4, and found it an unacceptable experience. When the MSI file starts running, installer needs to verify the signature, for which it needs to compute a hash of the entire file. For the Python MSI, this takes many seconds on a slower Pentium 4 machine. During that time, there is no visual feedback, so users are uncertain whether they have actually invoked the MSI file at all.
Currently the user is faced with a very nasty and off-putting message about an unidentified program requesting access to his computer.
Certainly. However, telling them that they have to wait just so that Windows finds out what they know already (that this is the MSI file from the Python Software Foundation, or from Martin v. Löwis) is even more nasty.
Educated, adult developers with good internet connections may know that, but all users? What about software on a CD or a memory stick? Also, software sites/mirrors have been compromised in the past, and they are a sweet target. I haven't looked at authenticode, but I guess it's a cryptographical signature. That defaults to a good thing. That the verification takes time is unfortunate, but unavoidable. That the user interface sucks (no feedback) is a bug. You will have the say whether Python uses authenticode, but I'm not convinced by your arguments. - Lars