Here's yet another topic: for the past year, I've been signing Krita for Windows with a certificate from certum.eu. These certificates are personal, so krita gets signed by "open source developer boudewijn rempt".
That's not ideal, and besides, there are other projects publishing binaries for Windows, like kate and kdevelop and kdenlive. I am wondering whether it would be possible to get a proper KDE code signing certificate and manage that somehow, then use that sign all our windows releases. I'd of course chip in with the costs of that, since organization certificates tend to be quite expensive, but the main thing is, we need way to sign the binaries in a trusted way. I have no real idea other than having an official "signing volunteer" or something like that. -- Boudewijn Rempt | http://www.krita.org, http://www.valdyas.org