-------- Original Message --------
From: Kirill S. Palagin <[EMAIL PROTECTED]>
Date: Mon 16 Apr 2007 19:14:53 EST
> By default Windows recognises about 20 certificate authorities, so it
> has nothing to do with MS.
>
> Some people need to focus less on our main competitor and more on our
> product, so that we can grow bigger than "MS haters" market niche.
>
> If anybody is interested in OO installer being signed please vote for
> http://www.openoffice.org/issues/show_bug.cgi?id=69032

Maybe this should now go to the Discuss (subscribed) or OT (not subscribed) list, but as a professional developer of commercial software this is an issue of interest to me.

From personal first-hand experience, I can say that your first statement is only partially true. In that Microsoft recognises more than 20 CAs for different Windows security functions, but not all of them for code signing to comply with the MRCP (Microsoft Root Certificate Program), which is the issue in question here. For a list of recognised CAs see: http://msdn2.microsoft.com/en-us/library/ms995347.aspx

In that code signing for Windows has nothing to do with Microsoft, your statement is totally incorrect. For software not to trigger the warning referred to by the OP, it must be certified by Microsoft under the MRCP. For details see: http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true

While Microsoft claim they do not charge for this certification (I have sound evidential reason to question this), the whole certification process is extremely tortuous and, in total, can be prohibitively expensive.

BTW James Knott is correct regarding self-certification not being accepted. In regard to this issue that form of certification is a non-starter.

As to your second (somewhat derogatory) statement, I can inform you that I do not "hate" Microsoft. On the contrary, I earn ~70% of my income from support and software development for customers using the Windows operating system. Why would I want to kill the cow that gives me milk? However, I do find some of their business practices distasteful, but that is a subject for another time and place (list).

My comments to the OP were not directed at MS Office (main competitor), but were made to indicate that he could trust the OOo installer program in spite of the warning displayed. Many major software vendors have elected not to seek this certification and unless Sun or some philanthropic benefactor is prepared to put up the time, effort and money, I doubt that the OOo will be signed. Personally, I believe there are other improvements that we could apply our limited resources to, which would better serve the growth of OOo.

I trust this clears up some of the misconceptions you have about the MRCP and my motivation for the small jest remark "the Microsoft tax", when trying to assist and assure a potential new OOo user. Hopefully, the copy of your attack upon my reply you sent to the non-subscribed OP has not discouraged him from installing OOo to see how good it is.

Regards
Dave
