Here's yet another topic: for the past year, I've been signing Krita
for Windows with a certificate from certum.eu. These certificates are
personal, so krita gets signed by "open source developer boudewijn rempt".

That's not ideal, and besides, there are other projects publishing
binaries for Windows, like kate and kdevelop and kdenlive. I am wondering
whether it would be possible to get a proper KDE code signing certificate
and manage that somehow, then use that sign all our windows releases.

I'd of course chip in with the costs of that, since organization certificates
tend to be quite expensive, but the main thing is, we need way to sign
the binaries in a trusted way. I have no real idea other than having an
official "signing volunteer" or something like that.

-- 
Boudewijn Rempt | http://www.krita.org, http://www.valdyas.org

Reply via email to