There is CAcert.org, who will issue a certificate which by fiddling IIRC can be made into a code signing certificate. But while CAcert.org is a * recognized* certificate authority, they are not a *trusted* authority (particularly, they are not trusted by Microsoft) so it's a lot of work to not come out very far ahead. http://wiki.cacert.org/ I am on board with CAcert, and have a CAcert certificate and never bother to use it. All other CA's seem to require a "verifiable corporate identity" which open source user groups probably do not qualify as. Perhaps something like the Python Software Foundation does (?).
For now, I would say that leaving them unsigned is fine. I have even loaded some (minor) Microsoft corporate products which were unsigned. Most people don't pay attention. -- Vernon On Wed, Feb 23, 2011 at 9:58 AM, Jeff Hardy <jdha...@gmail.com> wrote: > Older releases of IronPython were authenticode signed (by Microsoft), > but so far the community releases have not been. As best I can tell, > authenticode certificates are expensive (the cheapest are around > $100/year) - I've heard of deals for open source projects but can't > find anything by searching. > > Is it even worth the hassle to get an authenticode cert for releases? > It adds a bit of extra polish to the installation, but I doubt many > people pay attention to that anyway. > > - Jeff > _______________________________________________ > Users mailing list > Users@lists.ironpython.com > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com >
_______________________________________________ Users mailing list Users@lists.ironpython.com http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
