On 17.04.2015 19:31, "Martin v. Löwis" wrote:
> Am 17.04.15 um 00:46 schrieb M.-A. Lemburg:
>>> I had asked the PSF for a StartSSL certificate when the previous
>>> certificate expired, and the PSF was not able to provide one. After
>>> waiting several weeks for the PSF to provide the certificate,
Am 17.04.15 um 00:46 schrieb M.-A. Lemburg:
>> I had asked the PSF for a StartSSL certificate when the previous
>> certificate expired, and the PSF was not able to provide one. After
>> waiting several weeks for the PSF to provide the certificate, Kurt then
>> kindly went to Verisign.
>
> When was
On 16.04.2015 21:34, "Martin v. Löwis" wrote:
> Am 04.04.15 um 21:54 schrieb M.-A. Lemburg:
FWIW: The PSF mostly uses StartSSL nowadays and they also support code
signing certificates. Given that this option is a lot cheaper than
Verisign, I think we should switch, unless there are s
Am 04.04.15 um 21:54 schrieb M.-A. Lemburg:
>>> FWIW: The PSF mostly uses StartSSL nowadays and they also support code
>>> signing certificates. Given that this option is a lot cheaper than
>>> Verisign, I think we should switch, unless there are significant
>>> reasons not to. We should revisit th
"One question, if you will - I don't think this was asked so far - is
authenticode verifiable from Linux, without Windows? And does it work
for users of WINE ?"
I've seen some info suggesting that it's verifiable, but you do need to extract
the cert and calculate the hash against less than the si
On Sat, Apr 4, 2015, at 03:54 PM, M.-A. Lemburg wrote:
> On 04.04.2015 21:49, Kurt B. Kaiser wrote:
> >
> >
> > On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
> >> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> >>> For the record, that is a Symantec/Verisign code signing
> >>> certificate
On 04.04.2015 21:49, Kurt B. Kaiser wrote:
>
>
> On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
>> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
>>> For the record, that is a Symantec/Verisign code signing
>>> certificate. We paid $1123 for it last April. It expires
>>> April 2017.
>>>
>>>
On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> > For the record, that is a Symantec/Verisign code signing
> > certificate. We paid $1123 for it last April. It expires
> > April 2017.
> >
> > If you don't switch to a different vendor, e.g. st
eve.do...@microsoft.com>
>> Sent: 4/4/2015 7:25
>> To: Wes Turner<mailto:wes.tur...@gmail.com>; M. -A.
>> Lemburg<mailto:m...@egenix.com>
>> Cc: python-committers<mailto:python-committers@python.org>;
>> Python-Dev<mailto:python-...@python.org>
>
gt;; M. -A.
> Lemburg<mailto:m...@egenix.com>
> Cc: python-committers<mailto:python-committers@python.org>;
> Python-Dev<mailto:python-...@python.org>
> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows
> files with GnuPG?
>
>
to:python-committers@python.org>;
Python-Dev<mailto:python-...@python.org>
Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files
with GnuPG?
"Authenticode does not have a PKI"
If you got that from this discussion, I need everyone to at least skim read
On 04.04.2015 16:41, Steve Dower wrote:
> "Relying only on Authenticode for Windows installers would result in a break
> in technology w/r to the downloads we make available for Python, since all
> other files are (usually) GPG signed"
>
> This is the point of this discussion. I'm willing to mak
o: Steve Dower<mailto:steve.do...@microsoft.com>; Larry
Hastings<mailto:la...@hastings.org>; Python Dev<mailto:python-...@python.org>;
python-committers<mailto:python-committers@python.org>
Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files
with Gnu
ings<mailto:la...@hastings.org<mailto:la...@hastings.org>>; Python
> Dev<mailto:python-...@python.org<mailto:python-...@python.org>>;
> python-committers<mailto:python-committers@python.org<mailto:python-committers@python.org>>
> Subject: Re: [python-com
Registered at Amtsgericht Duesseldorf: HRB 46611
>> http://www.egenix.com/company/contact/
>>
>>
>>> Cheers,
>>> Steve
>>>
>>> Top-posted from my Windows Phone
>>>
>>> Fr
ct/
>
>
>> Cheers,
>> Steve
>>
>> Top-posted from my Windows Phone
>>
>> From: M.-A. Lemburg<mailto:m...@egenix.com>
>> Sent: 4/3/2015 10:55
>> To: Steve Dower<mailto:steve.do...@microsoft.com>; Larry
>&
;; Python
> Dev<mailto:python-...@python.org>;
> python-committers<mailto:python-committers@python.org>
> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows
> files with GnuPG?
>
> On 03.04.2015 19:35, Steve Dower wrote:
>>> My Window
tters<mailto:python-committers@python.org>
Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files
with GnuPG?
On 03.04.2015 19:35, Steve Dower wrote:
>> My Windows development days are firmly behind me. So I don't really have an
>> opinion here.
On 03.04.2015 19:35, Steve Dower wrote:
>> My Windows development days are firmly behind me. So I don't really have an
>> opinion here. So I put it to you, Windows Python developers: do you care
>> about
>> GnuPG signatures on Windows-specific files? Or do you not care?
>
> The later replies seem
Larry Hastings wrote:
> Steve's also changed the authentication process. His new installers rely on a
> Windows digital signature technology called Authenticode where the signature
> is
> built right into the .exe file. Windows platforms will automatically
> authenticate executables signed with Au
On Fri, Apr 3, 2015 at 7:25 AM, Paul Moore wrote:
> On 3 April 2015 at 10:56, Larry Hastings wrote:
>> My Windows development days are firmly behind me. So I don't really have an
>> opinion here. So I put it to you, Windows Python developers: do you care
>> about GnuPG signatures on Windows-spe
On 3 April 2015 at 10:56, Larry Hastings wrote:
> My Windows development days are firmly behind me. So I don't really have an
> opinion here. So I put it to you, Windows Python developers: do you care
> about GnuPG signatures on Windows-specific files? Or do you not care?
I don't have a very s
22 matches
Mail list logo