[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: download versie 2.12
|
From: |
Daniel Hulme |
|
Subject: |
Re: download versie 2.12 |
|
Date: |
Wed, 1 Apr 2009 22:41:22 +0100 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Wed, Apr 01, 2009 at 07:38:30AM +0200, Christ van Willegen wrote:
> On Tue, Mar 31, 2009 at 11:55 PM, Trevor Daniels <address@hidden> wrote:
> > They vary, but Firefox has a recognised certificate
> > which identifies the publisher as Mozilla Corporation.
> > The certificate was issued by Thawte Code Signing CA.
>
> ...and those certificates are $599. Ouch.
And, speaking from experience, the cash price of the thing is nothing
compared to the organisational faff required to get one and sign
binaries with it. You pretty much need a dedicated Windows box to store
it on and do signing with, and one or two designated people to have the
passphrase of the key. And if by some mishap you lose the key or the
passphrase they charge even more money to send you a new one.
It has no security benefit anyway. There are plenty of malwares around
there with valid signatures; you just need the dough and some headed
notepaper to convince the certificate authorities to sign your key.
Signing the downloadable binaries (for all platforms) with OpenPGP means
that users who want to can verify their integrity; if enough Vista users
care enough about having to click through the "security" warning then
there might be a good business model of selling signed installers
(including the source code, of course, as per GPL).
--
Trends on the internet are larger than they appear.
http://surreal.istic.org/ Act your age, not your disk size.
signature.asc
Description: Digital signature