Code signing for an individual for open source projects

open-source certificate code-signing authenticode
ub3rst4r picture ub3rst4r · Apr 18, 2012 · Viewed 8.5k times · Source

I am getting a code signing certificate for my open source projects. I have a couple of questions about them:

  1. Being a unregistered company that develops open source projects, is there a way to get passed the verification process?
  2. If I register the code signing certificate under my personal name, are there any risks involved (for example, stolen identity and stalking)?

Answer

Bert Huijben picture Bert Huijben · Jul 2, 2012

Certum (http://www.certum.pl) offers free code certificates for open source projects. I know the TortoiseSVN and AnkhSVN projects use certificates from them for their distributions.

The problems with signatures expiring when the certicate does is not specific to a certificate provider but on how you sign the certificate. To keep the signature valid you should also sign a timestamp. See the FAQ of your certificate provider.

Related questions

What is the best open XML parser for C++?

I am looking for a simple, clean, correct XML parser to use in my C++ project. Should I write my own?

Read More
Open source PDF library for C/C++ application?

I want to be able to generate PDF output from my (native) C++ Windows application. Are there any free/open source libraries available to do this? I looked at the answers to this question, but they mostly relate to .Net.

Read More
Open-Source Examples of well-designed Android Applications?

Can you recommend open source android applications that can be valuable to analyze, and to learn android programming from? Is any app from the Android open source project suitable for basic learning?Basically, I am looking for android apps for …

Read More