Hi, >> One feature that is easily addable and will certainly make installing >> python on vista nicer, is to add authenticode signing to the install.
I'm +1 on authenticode. > This I question very much. I experimented with authenticode before 2.4, > and found it an unacceptable experience. When the MSI file starts > running, installer needs to verify the signature, for which it needs > to compute a hash of the entire file. For the Python MSI, this takes > many seconds on a slower Pentium 4 machine. During that time, there > is no visual feedback, so users are uncertain whether they have > actually invoked the MSI file at all. > >> Currently the user is faced with a very nasty and off-putting message >> about an unidentified program requesting access to his computer. > > Certainly. However, telling them that they have to wait just so that > Windows finds out what they know already (that this is the MSI file > from the Python Software Foundation, or from Martin v. Löwis) is > even more nasty. Educated, adult developers with good internet connections may know that, but all users? What about software on a CD or a memory stick? Also, software sites/mirrors have been compromised in the past, and they are a sweet target. I haven't looked at authenticode, but I guess it's a cryptographical signature. That defaults to a good thing. That the verification takes time is unfortunate, but unavoidable. That the user interface sucks (no feedback) is a bug. You will have the say whether Python uses authenticode, but I'm not convinced by your arguments. - Lars _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig