Doug Bateman wrote: > Here's an interesting question.... why does GnuPG.org bother providing a > GPG signature with it's downloaded files?
To check the integrity and authenticity of the downloaded file? Not
everyone is bootstrapping GnuPG onto a new machine or even using Windows.
> So this raises the question... If we bother GPG signing our
> distributions, why not also Authenticode sign the .exe's so that users
> who don't already have GPG installed can verify the download? Is it
> about cost (~$200/3 years)? Is it about principle? Is it about the
> effort to add the authenticode signature to the Win32 build script?
A one-year Comodo software signing cert costs $179. But I don't think
cost is the block.
Maybe it has something to do with requiring use of a proprietary
Microsoft SDK?
Just a guess as no proprietary software is used in the generation of the
Windows installer.
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-k...@gingerbear.net?subject=help
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
