Philip Taron wrote: > I noticed for some time now that the official Vim binaries distributed > on vim.org for Windows users aren't digitally signed. > > Is this due to lack of funds, lack of desire, technical limitations, > or personal choice? > > If it is lack of funds, I'd like to donate so this could happen.
It's a lot of hassle to get this certification, costs quite a bit of money (several thousand dollars), and only gives a little bit of protection. The obvious way around it is to just replace the signed binary with a not signed binary, hardly anyone would notice. In practice messing with the files has never happened and if it did it would most likely be detected and fixed quickly. Trojan horses are a big problem, but the signature is a very weak protection against them. -- If cars evolved at the same rate as computers have, they'd cost five euro, run for a year on a couple of liters of petrol, and explode once a day. /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org /// -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php
