[IronPython] Authenticode Signing of Releases
vernondcole at gmail.com
Wed Feb 23 18:58:30 CET 2011
There is CAcert.org, who will issue a certificate which by fiddling IIRC can
be made into a code signing certificate. But while CAcert.org is a *
recognized* certificate authority, they are not a *trusted* authority
(particularly, they are not trusted by Microsoft) so it's a lot of work to
not come out very far ahead. http://wiki.cacert.org/ I am on board with
CAcert, and have a CAcert certificate and never bother to use it.
All other CA's seem to require a "verifiable corporate identity" which
open source user groups probably do not qualify as. Perhaps something like
the Python Software Foundation does (?).
For now, I would say that leaving them unsigned is fine. I have even loaded
some (minor) Microsoft corporate products which were unsigned. Most people
don't pay attention.
On Wed, Feb 23, 2011 at 9:58 AM, Jeff Hardy <jdhardy at gmail.com> wrote:
> Older releases of IronPython were authenticode signed (by Microsoft),
> but so far the community releases have not been. As best I can tell,
> authenticode certificates are expensive (the cheapest are around
> $100/year) - I've heard of deals for open source projects but can't
> find anything by searching.
> Is it even worth the hassle to get an authenticode cert for releases?
> It adds a bit of extra polish to the installation, but I doubt many
> people pay attention to that anyway.
> - Jeff
> Users mailing list
> Users at lists.ironpython.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ironpython-users