It's a lot of hassle to get this certification, costs quite a bit of
money (several thousand dollars), and only gives a little bit of
protection. The obvious way around it is to just replace the signed
binary with a not signed binary, hardly anyone would notice.
In practice messing with the files has never happened and if it did it
would most likely be detected and fixed quickly.
Trojan horses are a big problem, but the signature is a very weak
protection against them.
I'll drop the topic. Thanks for providing the current consensus opinion.
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php