Issue 69032 - Please sign OO installer with digital certificate
Summary: Please sign OO installer with digital certificate
Status: CLOSED FIXED
Alias: None
Product: Installation
Classification: Application
Component: ui (show other issues)
Version: current
Hardware: All Windows, all
: P3 Trivial with 27 votes (vote)
Target Milestone: OOo 3.0
Assignee: Martin Hollmichel
QA Contact: issues@installation
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-28 17:54 UTC by kpalagin
Modified: 2008-09-23 10:10 UTC (History)
3 users (show)

See Also:
Issue Type: FEATURE
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description kpalagin 2006-08-28 17:54:38 UTC 
Please sign OO installer with digital certificate from commercial certificate 
authority to reassure users. Without such signing users get warning
"The publisher could not be verified. Are you sure you want to run this 
software?" and may cancel installation.
Comment 1 Olaf Felka 2006-08-28 18:52:54 UTC 
reassigned
Comment 2 kpalagin 2006-10-07 15:21:54 UTC 
Here is helpfull tool tool from MS to sign software
http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx
Comment 3 kpalagin 2006-10-07 15:24:35 UTC 
One more MS tool to sign 
http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-
abb5-ff88ea5896f6&DisplayLang=en
Comment 4 Martin Hollmichel 2008-01-23 14:13:32 UTC 
reassigned to myself
Comment 5 kpalagin 2008-03-26 12:09:25 UTC 
Martin,
are we on track for 3.0 with this RFE?

WBR,
Kirill.
Comment 6 Martin Hollmichel 2008-03-26 12:14:34 UTC 
working on this.
Comment 7 kpalagin 2008-06-18 04:59:47 UTC 
Martin,
what is the current status of this issue?
Thanks and regards,
KP.
Comment 8 Andrea Pescetti 2008-07-28 23:10:56 UTC 
Signing with a digital certificate might also mitigate the risk of an attack
based on DNS spoofing like the one described in
http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
since the user will be able to check that the file he downloaded is indeed
coming from OpenOffice.org (even if we can do very little about this kind of
attack unless we make the Update Notification mechanism more secure).
Comment 9 kpalagin 2008-09-06 20:10:08 UTC 
Apparently we are going to miss 3.0 fot this issue.
Comment 10 Martin Hollmichel 2008-09-22 07:33:31 UTC 
fixed with 3.0rc2
Comment 11 kpalagin 2008-09-23 09:26:03 UTC 
Verified in RC2 on WinXP, closing as such.

Martin,
thanks a ton!
Comment 12 per.ooo 2008-09-23 10:10:21 UTC 
Sweet!!

Thanks Martin