> > No policy, but I'd be curious to know what the OP believes to be practically accomplished with signed files. Perhaps we're just talking about the official binaries? Or just checksums?

I'm only interested in the official binaries. The problem of determining that the sources retrieved from the official master repository are the same sources is something else entirely.

1. Integrity. I know the binary has not been modified in transit in some form. Catalog signing, like the MD5 file talked about here, also accomplishes this, provided that there is something that signs it, and so on.
2. Identity. I know that the person claiming to be Bram Moolenaar (or Steve Hall, or whomever) is certified to be that person by some certification authority I already trust.
3. Authorship. Combining the previous benefits, I know the file is intact, that Bram really is a person/org, and that he really produced this file.
4. Provenance. I know that the binary I got from vim.org actually originated with someone who both controlled vim.org and also the private cert for codesigning the binaries there. (This is only if vim.org supports https, which it currently does not.)
5. UX benefits. I'm restricting this to Windows, since I have no idea of the state of PKI/code signing/etc on Linux or MacOS. On Windows, executables that are digitally signed are presented differently than binaries which are unsigned.
6. Revokability. If the prior constraints do not hold true (due to a systems failure, vulnerability, or loss of private key, for instance) the certificate can be revoked immediately.
7. Individual revokability. If a particular binary suffers from a very bad vulnerability, it can explicitly be pulled.

There's also a couple white-listing benefits, which are completely ancillary.

8. Anti-malware benefits. Most AV engines (and in particular the one used by MS, for instance in Security Essentials) are able to author whitelist signatures for known good certs.
9. Reputation services (like Smart Screen for downloads in IE9). Over time, these can provide actual trust benefits (like http://www.hanselman.com/blog/UsingCodeSigningCertificatesToSignDownloadedMSIsAndBuildReputationWithIE9SmartScreen.aspx illustrates.)

In reality, my personal motivation is to get rid of that damn unsigned dialog, but from an objective standpoint my motivations don't matter. :)

Philip
