Code signing certificate for KDE?

Albert Astals Cid aacid at kde.org
Thu Aug 17 21:48:45 BST 2017


El dimecres, 16 d’agost de 2017, a les 11:40:33 CEST, Boudewijn Rempt va 
escriure:
> Here's yet another topic: for the past year, I've been signing Krita
> for Windows with a certificate from certum.eu. These certificates are
> personal, so krita gets signed by "open source developer boudewijn rempt".
> 
> That's not ideal,

What is the downside?

I mean does "open source developer boudewijn rempt" show up somewhere in the 
UI?

I'm not saying we shouldn't have a KDE wide key, just wanting to know why we 
want it :)

Cheers,
  Albert

> and besides, there are other projects publishing
> binaries for Windows, like kate and kdevelop and kdenlive. I am wondering
> whether it would be possible to get a proper KDE code signing certificate
> and manage that somehow, then use that sign all our windows releases.
> 
> I'd of course chip in with the costs of that, since organization
> certificates tend to be quite expensive, but the main thing is, we need way
> to sign the binaries in a trusted way. I have no real idea other than
> having an official "signing volunteer" or something like that.





More information about the kde-community mailing list