coapp-developers team mailing list archive
-
coapp-developers team
-
Mailing list archive
-
Message #00085
Re: Let's talk about libraries
On 4/13/2010 6:46 AM, Ivan Meredith wrote:
>
>
> Here's my suggestion for addressing this: a non-profit company is
> registered in the States (e.g. 'CoApp Software Foundation', akin
> to Apache Software Foundation, Python Software Foundation, etc).
> A VeriSign code-signing certificate is purchased, and we establish
> a process for building and signing CoApp-compliant apps on behalf
> of the open source projects (assuming their release meets the
> pre-requisites we define in the aforementioned process).
>
>
> I think its a fairly good idea, but I still don't think packages
> should *have* to be signed by the 'CoApp Software Foundation'. If
> they *have* to be signed by a specific CA, then I guess they do have
> to be signed by CoApp, or at least someone will need to have there own
> certificate. But thats not ideal in my opinion.
>
I would also request that in thinking about this, we not limit ourselves
to the WinSXS issue - open-source projects were the first thing that
came to mind for me when I heard about the signing requirement for
drivers as well!
References