El dimecres, 16 d’agost de 2017, a les 11:40:33 CEST, Boudewijn Rempt va escriure: > Here's yet another topic: for the past year, I've been signing Krita > for Windows with a certificate from certum.eu. These certificates are > personal, so krita gets signed by "open source developer boudewijn rempt". > > That's not ideal,
What is the downside? I mean does "open source developer boudewijn rempt" show up somewhere in the UI? I'm not saying we shouldn't have a KDE wide key, just wanting to know why we want it :) Cheers, Albert > and besides, there are other projects publishing > binaries for Windows, like kate and kdevelop and kdenlive. I am wondering > whether it would be possible to get a proper KDE code signing certificate > and manage that somehow, then use that sign all our windows releases. > > I'd of course chip in with the costs of that, since organization > certificates tend to be quite expensive, but the main thing is, we need way > to sign the binaries in a trusted way. I have no real idea other than > having an official "signing volunteer" or something like that.
