On Wed, Apr 01, 2009 at 07:38:30AM +0200, Christ van Willegen wrote:
> On Tue, Mar 31, 2009 at 11:55 PM, Trevor Daniels <t.dani...@treda.co.uk> wrote:
> > They vary, but Firefox has a recognised certificate
> > which identifies the publisher as Mozilla Corporation.
> > The certificate was issued by Thawte Code Signing CA.
>
> ...and those certificates are $599. Ouch.

And, speaking from experience, the cash price of the thing is nothing compared to the organisational faff required to get one and sign binaries with it. You pretty much need a dedicated Windows box to store it on and do signing with, and one or two designated people to have the passphrase of the key. And if by some mishap you lose the key or the passphrase they charge even more money to send you a new one.

It has no security benefit anyway. There are plenty of malwares around there with valid signatures; you just need the dough and some headed notepaper to convince the certificate authorities to sign your key.

Signing the downloadable binaries (for all platforms) with OpenPGP means that users who want to can verify their integrity; if enough Vista users care enough about having to click through the "security" warning then there might be a good business model of selling signed installers (including the source code, of course, as per GPL).

-- 
Trends on the internet are larger than they appear.
http://surreal.istic.org/
Act your age, not your disk size.
_______________________________________________
lilypond-user mailing list
lilypond-user@gnu.org
http://lists.gnu.org/mailman/listinfo/lilypond-user