On 4/13/2010 6:46 AM, Ivan Meredith wrote: > > > Here's my suggestion for addressing this: a non-profit company is > registered in the States (e.g. 'CoApp Software Foundation', akin > to Apache Software Foundation, Python Software Foundation, etc). > A VeriSign code-signing certificate is purchased, and we establish > a process for building and signing CoApp-compliant apps on behalf > of the open source projects (assuming their release meets the > pre-requisites we define in the aforementioned process). > > > I think its a fairly good idea, but I still don't think packages > should *have* to be signed by the 'CoApp Software Foundation'. If > they *have* to be signed by a specific CA, then I guess they do have > to be signed by CoApp, or at least someone will need to have there own > certificate. But thats not ideal in my opinion. >
I would also request that in thinking about this, we not limit ourselves to the WinSXS issue - open-source projects were the first thing that came to mind for me when I heard about the signing requirement for drivers as well! _______________________________________________ Mailing list: https://launchpad.net/~coapp-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~coapp-developers More help : https://help.launchpad.net/ListHelp
