On Mon, Sep 28, 2009 at 05:59:13PM -0400, Richard Stallman wrote: > I'd also like a certificate for my Java applets, and also one for my > ms woe .exe installers which (like Firefox' or OpenOffice's) trigger a > bad-looking warning under recent versions/SPs of that OS. > > What are these Java applets? > What are these .exe installers? > > I'd like to understand what is happening here.
Jon suggested that money would solve the problem because SSL certificates are cheaper these days. I ironicaly pointed that pressure to sign everything is extending outside of SSL certificates: - A Java applet runs in unprivileged mode by default; when signed, it runs at full privileges, which is necessary if the user wants to save data on his computer, for example. If the certificate is not made by authorities included in the Java Runtime Environment, the applet system will show an additional warning to the user. The certification only assess the identity of the software editor, it's not a security audit. - Similarly, microsoft windows now displays a fullscreen warning about the dangers of running executables that are not signed by an authority that microsoft trusts. This happens in recent versions, as well as recent upgrades of earlier versions of that OS. I know people who were afraid of installing OpenOffice.org because of that warning. GNU Savannah per-se does not currently make use of Java applets, nor distributes installers for ms woe, the examples were given to defeat the point. -- Sylvain
