
Re: Digital Signatures for the official Vim binaries on Windows

  • Ernie Rael
    Message 1 of 14 , Jan 2, 2012


      On 1/2/2012 8:43 PM, Philip Taron wrote:


      > Dare I note that both sourceforge.net and vim.org are not offered over https? Without that, there's no way to know whether I'm eating at a mockup of my neighbor's house or at the house itself.
       

      When I log into sf.net I start getting an https URL.

      -ernie

      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php
    • Bram Moolenaar
      Message 2 of 14 , Jan 4, 2012
        Philip Taron wrote:

        > I noticed for some time now that the official Vim binaries distributed
        > on vim.org for Windows users aren't digitally signed.
        >
        > Is this due to lack of funds, lack of desire, technical limitations,
        > or personal choice?
        >
        > If it is lack of funds, I'd like to donate so this could happen.

        It's a lot of hassle to get this certification, costs quite a bit of
        money (several thousand dollars), and only gives a little bit of
        protection. The obvious way around it is to just replace the signed
        binary with a not signed binary, hardly anyone would notice.

        In practice messing with the files has never happened and if it did it
        would most likely be detected and fixed quickly.

        Trojan horses are a big problem, but the signature is a very weak
        protection against them.

        --
        If cars evolved at the same rate as computers have, they'd cost five euro,
        run for a year on a couple of liters of petrol, and explode once a day.

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ an exciting new programming language -- http://www.Zimbu.org ///
        \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

      • Philip Taron
        Message 3 of 14 , Jan 4, 2012
          > It's a lot of hassle to get this certification, costs quite a bit of
          > money (several thousand dollars), and only gives a little bit of
          > protection. The obvious way around it is to just replace the signed
          > binary with a not signed binary, hardly anyone would notice.
          >
          > In practice messing with the files has never happened and if it did it
          > would most likely be detected and fixed quickly.
          >
          > Trojan horses are a big problem, but the signature is a very weak
          > protection against them.

          I'll drop the topic. Thanks for providing the current consensus opinion.

          Philip
