[IronPython] Authenticode Signing of Releases
s.j.dower at gmail.com
Wed Feb 23 12:57:31 PST 2011
It's easiest if someone "donates" a personal certificate, which then
puts their name on the releases (as is done with TortoiseSVN and
TortoiseHG, for example). However, without a sponsor organisation it's
very hard to get hold of a "trustworthy" certificate (which a personal
one is generally not).
Certainly it's not worth it right now, but it may be for the final 2.7
release, since that will presumably be around for a bit. Are there any
companies out there that check open-source projects for spyware/etc.
and sign them with their own certificate? (Is this a potential
On Thu, Feb 24, 2011 at 07:49, Jimmy Schementi <jimmy at schementi.com> wrote:
> I'd vote for it not being worth it right now, unless someone wants to donate
> the money, and even then it makes things more complex.
> On Wed, Feb 23, 2011 at 3:39 PM, Dave Wald <davew252 at tx.rr.com> wrote:
>> It would be better for acceptance and evangelistic purposes, in my shop
>> anyway, (but that's another story...)
>> Hell, I might even chip in a few bucks if need be.
>> But I really don't care. I trust you guys... ;-)
>> On 2/23/2011 10:58 AM, Jeff Hardy wrote:
>>> Older releases of IronPython were authenticode signed (by Microsoft),
>>> but so far the community releases have not been. As best I can tell,
>>> authenticode certificates are expensive (the cheapest are around
>>> $100/year) - I've heard of deals for open source projects but can't
>>> find anything by searching.
>>> Is it even worth the hassle to get an authenticode cert for releases?
>>> It adds a bit of extra polish to the installation, but I doubt many
>>> people pay attention to that anyway.
>>> - Jeff
>>> Users mailing list
>>> Users at lists.ironpython.com
>> Users mailing list
>> Users at lists.ironpython.com
> Users mailing list
> Users at lists.ironpython.com
More information about the Users