On 3/22/2016 7:48 PM, Daniela Engert wrote:
Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
One can always replace a zip-file by an installer that packages bloatware together with the source.
You may sign CAB archives if you really want to.
E.g. if we were to publish SFX archives, signing them would be nice, but involves actual money.
Actually, no - it doesn't cost money. Open source developers can get code-signing certificates for free (f.e. from Comodo or Certum). Just have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source stuff: sha256 signed and sha265 timestamped.
That's good to know, thanks! Though it seems that Certum is no longer free starting in 2016 (16 euro is still way less than any other provider), and I can't find any such offer from Comodo. Thanks, -- Vladimir Prus http://vladimirprus.com