[Distutils] [Python-Dev] Adventures with x64, VS7 and VS8 on Windows

"Martin v. Löwis" martin at v.loewis.de
Tue May 29 23:37:13 CEST 2007

> One feature that is easily addable and will certainly make installing
> python on vista nicer, is to add authenticode signing to the install.

This I question very much. I experimented with authenticode before 2.4,
and found it an unacceptable experience. When the MSI file starts
running, installer needs to verify the signature, for which it needs
to compute a hash of the entire file. For the Python MSI, this takes
many seconds on a slower Pentium 4 machine. During that time, there
is no visual feedback, so users are uncertain whether they have
actually invoked the MSI file at all.

> Currently the user is faced with a very nasty and off-putting message
> about an unidentified program requesting access to his computer.

Certainly. However, telling them that they have to wait just so that
Windows finds out what they know already (that this is the MSI file
from the Python Software Foundation, or from Martin v. Löwis) is
even more nasty.


More information about the Distutils-SIG mailing list