Code signing certificate for KDE?

Albert Astals Cid aacid at kde.org
Thu Aug 17 22:16:23 BST 2017


El dijous, 17 d’agost de 2017, a les 22:57:47 CEST, Boudewijn Rempt va 
escriure:
> On Thu, 17 Aug 2017, Albert Astals Cid wrote:
> > El dimecres, 16 d’agost de 2017, a les 11:40:33 CEST, Boudewijn Rempt va
> > 
> > escriure:
> > > Here's yet another topic: for the past year, I've been signing Krita
> > > for Windows with a certificate from certum.eu. These certificates are
> > > personal, so krita gets signed by "open source developer boudewijn
> > > rempt".
> > > 
> > > That's not ideal,
> > 
> > What is the downside?
> > 
> > I mean does "open source developer boudewijn rempt" show up somewhere in
> > the UI?
> 
> Yes, it's what windows shows when installing the application.

Ok, then i guess yes, we should get one.

What kind of certificate is needed?

Cheers,
  Albert

> 
> > I'm not saying we shouldn't have a KDE wide key, just wanting to know why
> > we want it :)
> 
> KDE already conveys trust, and having KDE as the authority that says "this
> installer can be trusted", it can grow trust in KDE.






More information about the kde-community mailing list