On Wed, Nov 6, 2013 at 8:11 AM, Rzepa, Henry S <h.rz...@imperial.ac.uk>wrote:
> >
> > The only free certificates I've found for now are for one individual,
> not an organisation.
> > The one I got from Certum requires a true name, with a copy of an id
> document, so that they have some guarantee.
> >
> >
>
> I think this is great for testing, but what will happen in “production
> mode” Inevitably when one talks to large organisations (as I did with the
> ACS and RSC), they ask “what will our lawyers make of it?” So could we
> issue Jmol in the name of one individual, and would that individual be
> happy potentially dealing with eg ACS and RSC lawyers?
>
> Or, how could we set up Jmol as an “organisation” so that the
> certificate goes out in its name?
>
Maybe, but I don't know how to get a free or cheap code-signing certificate
for an organisation, even a non-profit one.
But, sure, that would be a better option.
>
> >
> > 2. Whoever or whatever organisation signs Jmol, will that cause anyone
> to question its “opensource credentials”? Might someone confuse
> certificate signing with “ownership”?
> >
> > There's no reason for it to change anything about ownership, it's just a
> way of delivering the application, but with some kind of guarantee from the
> individual signing the version.
>
> I fully understand that a certificate changes anything about ownership.
> Its just that some people might misunderstand that!
>
> >
> >
> >
> > 3. What about multiple versions of Jmol, each signed by a different
> individual or different organisation? Is that viable? Each would be
> signing that they eg legally trust the original source (which would be the
> loose Jmol community, or perhaps if we are to be specific, Bob Hanson?)
> >
> > Well, it's probably a lot more complex to hope for multiple versions :
> each individual/organisation signing would need to obtain a trusted
> certificate, and they would use their name as a guarantee about the version
> not being malicious, ...
> > I think the easier way is to use individual certificate from the person
> making the releases
>
> As long as that person is fully happy (see above!)
>
I really don't know what are the legal implications of code signing, if
there are...
Nico
------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jmol-users
