Code Signing Anyone?

[Bill Marriott]

Jacqui,

> Since all our apps are made with the same engine, I wonder if it would be 
> possible for RR to get a certificate and let all of us use it. Would MS go 
> for that? Maybe this could be a perk for Enterprise users or a small fee 
> for Studio users.

That's neither possible nor desirable.

It's not possible because the code signing takes into account a checksum for 
the whole .exe (along with other factors) and that is different with every 
application created, even though the embedded engine is the same.

It's not desirable because then any miscreant could download a trial copy of 
Rev, write the next great trojan horse virus malware spybot and it would 
appear to have been "signed" by Runtime Rev.

In Windows XP, unsigned applications aren't so bad. But the end user 
experience gets much worse under Windows Vista, especially with limited 
accounts and UAC active. Signing applications is something anyone who 
distributes on Windows should know about. I hope Scott writes up the 
article.

- Bill