Doug Bateman wrote:
> Here's an interesting question.... why does GnuPG.org bother providing a
> GPG signature with its downloaded files?

To check the integrity and authenticity of the downloaded file? Not everyone is bootstrapping GnuPG onto a new machine or even using Windows.

> So this raises the question... If we bother GPG signing our
> distributions, why not also Authenticode sign the .exe's so that users
> who don't already have GPG installed can verify the download? Is it
> about cost (~$200/3 years)? Is it about principle? Is it about the
> effort to add the authenticode signature to the Win32 build script?

A one-year Comodo software signing cert costs $179. But I don't think cost is the block. Maybe it has something to do with requiring use of a proprietary Microsoft SDK? Just a guess as no proprietary software is used in the generation of the Windows installer.

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users