On 20/09/11 21:48, Peter Gutmann wrote:
...to sign their code. ...I get the impression they see security as a nuisance to be bypassed rather than a real requirement.
I'd like to assure you that code signing and the associated need to buy a certificate service from a third party is viewed as a "nuisance to be bypassed" by a great majority of independent software vendors. Nobody is happy to see ~his~ product, which he ~knows~ presents no threat to his customer, encumbered in both the construction and the distribution to such a level in order to protect the buying public from ~someone else's bad product~. It's "business 101" really. And like always, the smaller the product, the more of a nuisance this becomes. And like always, "the regulator" just wouldn't admit that the regulation is an ill-conceived measure, which encumbers the producer and does not really solve the problem that was used as an excuse to introduce it in the first place, mostly for the hidden "fringe benefits" that it brings to the regulator. Mark R. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
