[IronPython] Authenticode Signing of Releases

Vernon Cole vernondcole at gmail.com
Wed Feb 23 18:58:30 CET 2011

There is CAcert.org, who will issue a certificate which by fiddling IIRC can
be made into a code signing certificate.  But while CAcert.org is a *
recognized* certificate authority, they are not a *trusted* authority
(particularly, they are not trusted by Microsoft) so it's a lot of work to
not come out very far ahead.  http://wiki.cacert.org/ I am on board with
CAcert, and have a CAcert certificate and never bother to use it.
  All other CA's seem to require a "verifiable corporate identity" which
open source user groups probably do not qualify as.  Perhaps something like
the Python Software Foundation does (?).

For now, I would say that leaving them unsigned is fine.  I have even loaded
some (minor) Microsoft corporate products which were unsigned. Most people
don't pay attention.

On Wed, Feb 23, 2011 at 9:58 AM, Jeff Hardy <jdhardy at gmail.com> wrote:

> Older releases of IronPython were authenticode signed (by Microsoft),
> but so far the community releases have not been. As best I can tell,
> authenticode certificates are expensive (the cheapest are around
> $100/year) - I've heard of deals for open source projects but can't
> find anything by searching.
> Is it even worth the hassle to get an authenticode cert for releases?
> It adds a bit of extra polish to the installation, but I doubt many
> people pay attention to that anyway.
> - Jeff
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20110223/7e3c6521/attachment.html>

More information about the Ironpython-users mailing list