[IronPython] Authenticode Signing of Releases

andrew Wilson a.wilson82 at gmail.com
Wed Feb 23 13:08:06 PST 2011


I can reach out to my company, we are a CA, to see if they'd sponsor a cert?
 Sounds like folk aren't much interested in that though.

-A

On Wed, Feb 23, 2011 at 1:57 PM, Steve Dower <s.j.dower at gmail.com> wrote:

> It's easiest if someone "donates" a personal certificate, which then
> puts their name on the releases (as is done with TortoiseSVN and
> TortoiseHG, for example). However, without a sponsor organisation it's
> very hard to get hold of a "trustworthy" certificate (which a personal
> one is generally not).
>
> Certainly it's not worth it right now, but it may be for the final 2.7
> release, since that will presumably be around for a bit. Are there any
> companies out there that check open-source projects for spyware/etc.
> and sign them with their own certificate? (Is this a potential
> business... hmm...)
>
> On Thu, Feb 24, 2011 at 07:49, Jimmy Schementi <jimmy at schementi.com>
> wrote:
> > I'd vote for it not being worth it right now, unless someone wants to
> donate
> > the money, and even then it makes things more complex.
> > ~Jimmy
> >
> >
> > On Wed, Feb 23, 2011 at 3:39 PM, Dave Wald <davew252 at tx.rr.com> wrote:
> >>
> >> It would be better for acceptance and evangelistic purposes, in my shop
> >> anyway, (but that's another story...)
> >> Hell, I might even chip in a few bucks if need be.
> >>
> >> But I really don't care. I trust you guys...   ;-)
> >>
> >>
> >> On 2/23/2011 10:58 AM, Jeff Hardy wrote:
> >>>
> >>> Older releases of IronPython were authenticode signed (by Microsoft),
> >>> but so far the community releases have not been. As best I can tell,
> >>> authenticode certificates are expensive (the cheapest are around
> >>> $100/year) - I've heard of deals for open source projects but can't
> >>> find anything by searching.
> >>>
> >>> Is it even worth the hassle to get an authenticode cert for releases?
> >>> It adds a bit of extra polish to the installation, but I doubt many
> >>> people pay attention to that anyway.
> >>>
> >>> - Jeff
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at lists.ironpython.com
> >>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
> >>>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.ironpython.com
> >> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.ironpython.com
> > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
> >
> >
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>



-- 
"Once more unto the breach, dear friends, once more; Or close the wall up
with our English dead.  In peace there's nothing so becomes a man As modest
stillness and humility: But when the blast of war blows in our ears, Then
imitate the action of the tiger;"

*Henry V, Act III*, 1598
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ironpython.com/pipermail/users-ironpython.com/attachments/20110223/3206e0e7/attachment.htm>


More information about the Users mailing list