Code signing certificate for KDE?

Boudewijn Rempt boud at valdyas.org
Thu Aug 17 21:57:47 BST 2017


On Thu, 17 Aug 2017, Albert Astals Cid wrote:

> El dimecres, 16 d’agost de 2017, a les 11:40:33 CEST, Boudewijn Rempt va 
> escriure:
> > Here's yet another topic: for the past year, I've been signing Krita
> > for Windows with a certificate from certum.eu. These certificates are
> > personal, so krita gets signed by "open source developer boudewijn rempt".
> > 
> > That's not ideal,
> 
> What is the downside?
> 
> I mean does "open source developer boudewijn rempt" show up somewhere in the 
> UI?

Yes, it's what windows shows when installing the application.

> 
> I'm not saying we shouldn't have a KDE wide key, just wanting to know why we 
> want it :)
> 

KDE already conveys trust, and having KDE as the authority that says "this
installer can be trusted", it can grow trust in KDE.

-- 
Boudewijn Rempt | http://www.krita.org, http://www.valdyas.org


More information about the kde-community mailing list