Apache OpenOffice (AOO) Bugzilla – Issue 69032
Please sign OO installer with digital certificate
Last modified: 2008-09-23 10:10:21 UTC
Please sign OO installer with digital certificate from commercial certificate authority to reassure users. Without such signing users get warning "The publisher could not be verified. Are you sure you want to run this software?" and may cancel installation.
reassigned
Here is helpfull tool tool from MS to sign software http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx
One more MS tool to sign http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f- abb5-ff88ea5896f6&DisplayLang=en
reassigned to myself
Martin, are we on track for 3.0 with this RFE? WBR, Kirill.
working on this.
Martin, what is the current status of this issue? Thanks and regards, KP.
Signing with a digital certificate might also mitigate the risk of an attack based on DNS spoofing like the one described in http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt since the user will be able to check that the file he downloaded is indeed coming from OpenOffice.org (even if we can do very little about this kind of attack unless we make the Update Notification mechanism more secure).
Apparently we are going to miss 3.0 fot this issue.
fixed with 3.0rc2
Verified in RC2 on WinXP, closing as such. Martin, thanks a ton!
Sweet!! Thanks Martin