Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing
|Summary:||Please sign OO installer with digital certificate|
|Component:||ui||Assignee:||Martin Hollmichel <nesshof>|
|Status:||CLOSED FIXED||QA Contact:||issues@installation <issues>|
|Priority:||P3||CC:||issues, khirano, pescetti|
|Target Milestone:||OOo 3.0|
|Issue Type:||FEATURE||Latest Confirmation in:||---|
Description kpalagin 2006-08-28 17:54:38 UTC
Please sign OO installer with digital certificate from commercial certificate authority to reassure users. Without such signing users get warning "The publisher could not be verified. Are you sure you want to run this software?" and may cancel installation.
Comment 1 Olaf Felka 2006-08-28 18:52:54 UTC
Comment 2 kpalagin 2006-10-07 15:21:54 UTC
Here is helpfull tool tool from MS to sign software http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx
Comment 3 kpalagin 2006-10-07 15:24:35 UTC
One more MS tool to sign http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f- abb5-ff88ea5896f6&DisplayLang=en
Comment 4 Martin Hollmichel 2008-01-23 14:13:32 UTC
reassigned to myself
Comment 5 kpalagin 2008-03-26 12:09:25 UTC
Martin, are we on track for 3.0 with this RFE? WBR, Kirill.
Comment 6 Martin Hollmichel 2008-03-26 12:14:34 UTC
working on this.
Comment 7 kpalagin 2008-06-18 04:59:47 UTC
Martin, what is the current status of this issue? Thanks and regards, KP.
Comment 8 Andrea Pescetti 2008-07-28 23:10:56 UTC
Signing with a digital certificate might also mitigate the risk of an attack based on DNS spoofing like the one described in http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt since the user will be able to check that the file he downloaded is indeed coming from OpenOffice.org (even if we can do very little about this kind of attack unless we make the Update Notification mechanism more secure).
Comment 9 kpalagin 2008-09-06 20:10:08 UTC
Apparently we are going to miss 3.0 fot this issue.
Comment 10 Martin Hollmichel 2008-09-22 07:33:31 UTC
fixed with 3.0rc2
Comment 11 kpalagin 2008-09-23 09:26:03 UTC
Verified in RC2 on WinXP, closing as such. Martin, thanks a ton!
Comment 12 per.ooo 2008-09-23 10:10:21 UTC
Sweet!! Thanks Martin