|
I said yes as we *have* to sign iPhone apps. It is a PITA though, the certificate process is clunky and error prone.
|
|
|
|
|
Yes, I sign my applications when appropriate. As an independent consultant, if I am the sole author for the application, I put my cert on it. If I am working on a team in a corporate setting, I only do what their norm is (some do have self-hosted certs, other have none, and have not seen any corporate development using purchased certs).
It is not that expensive. Someone pointed out Comodo sells one for less than $200. You can buy a GoDaddy cert for $70/yr, and with a little extract, use it to sign your apps. Only ones using $600 certs are the idjets that can/will not shop or check around.
|
|
|
|
|
It seems to me that certificates shouldn't expire.
|
|
|
|
|
I have no problem with the expiring certificates. The purpose, as I understand it, is to re-validate the author, to make sure the author is still legitimate and continuing entity.
|
|
|
|
|
It's just a "tourist trap" for software houses. You know who you are and why use some kind of a root dns server to let others know who you are? Ridiculous!
|
|
|
|
|
The only reason I can see is that QuickBooks and some other products recommend that software you produce that integrates with it be signed. When QuickBooks brings up the screen that asks the user if he wants to allow the third party application to have access to QB, it also tells the user if the application is signed (trusted) or not.
Other than that, I can't see that anyone cares.
So, to integrate with QB it costs $750 to have your app tested, $1200/year for registration as Gold developer, and $300 - $500/year for the certificate. $2500/year is almost not worth it just to integrate with QB.
SS => Qualified in Submarines
"We sleep soundly in our beds because rough men stand ready in the night to visit violence on those who would do us harm". Winston Churchill
|
|
|
|
|
Jim (SS) wrote: recommend
We integrate with QuickBooks and have never signed our stuff and no one has ever brought it up.
"It's so simple to be wise. Just think of something stupid to say and then don't say it."
-Sam Levenson
|
|
|
|
|
I only hear it when I'm walking them through the initial connection and they see the screen that warns them the application is not signed/trusted.
SS => Qualified in Submarines
"We sleep soundly in our beds because rough men stand ready in the night to visit violence on those who would do us harm". Winston Churchill
|
|
|
|
|
I write apps for traders within my company, so there's no point in signing my apps. None of my apps are used outside the company.
Cheers,
Vıkram.
I don't suffer from insanity, I enjoy every moment of it.
|
|
|
|
|
We started signing our DLLs after a couple of customers asked if we could (they required it in their distributions).
It's really not expensive: a Comodo cert is still less than $200/yr. We spend more than that on ink for our printers.
|
|
|
|
|
So how about it?
I for one don't like it at all when a program is signed - I usually remove the signature immediately so I can mess around with it better. (which is a bit of control that is very important to me)
|
|
|
|
|
If your application provides self-updating features, are you digitally signing your updates? I'm not talking about expensive certificates. Just generate yourself a public and private key, put the public key in the self-update code, use the private key to sign your updates server-side. Does anybody do that?
|
|
|
|
|
I do. That's why I voted 'Yes for some apps.'
|
|
|
|
|
Of course lots of people sign their .net assemblies as well but that's not what the survey is about.
"It's so simple to be wise. Just think of something stupid to say and then don't say it."
-Sam Levenson
|
|
|
|
|
All comments here seem to be against - but how do you get round the problem of Vista always alerting the user that the app is from an 'unknown supplier' ? We would rather avoid using digital signatures but have just paid out for a second year ($500) mainly because of Vista.
|
|
|
|
|
blame vista
At least, that's what usually happens.
|
|
|
|
|
All it says about the software is that the publisher could afford a certificate.
They're ridiculously overpriced and mean absolutely nothing to the average end user.
We've been publishing software for the general public for over a decade; at this point hundreds of thousands of people have downloaded and installed our software and exactly zero people have ever brought up the topic of a digital signature.
Strong naming and signing .net assemblies on the other hand is free and worthwhile and much more useful.
I'd like to know if this survey was suggested by a signing authority company because if anything it's become less and less important to sign your code and installer not more in this day and age.
"It's so simple to be wise. Just think of something stupid to say and then don't say it."
-Sam Levenson
|
|
|
|
|
It is worst than just wasting money, it is feeding parasites!
I have been forced, by technical reasons, to paid for several digital certificates and the only verification made was on my credit card.
|
|
|
|
|
The previous survey was more interesting than this.
Marcello Turnbull
|
|
|
|
|
I don think it is practical to certify all applications you made especially it cost lot of money for customers and most of them consider it an addition that not useful because it cost which also paid frequently for certification update. but in other wise some companies produces there own certifications without getting them from 3ed party(bad but some time useful)
Whatever you do will be insignificant, but it is very important that you do it
|
|
|
|
|
I voted for the No option.
I am already certified!
HeHe.
Ha Ha Ha!
teheheheheh
Henry Minute
If you open a can of worms, any viable solution *MUST* involve a larger can.
|
|
|
|
|
You.... Digitally Certified??? Verisign certified you ??
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow Never mind - my own stupidity is the source of every "problem" - Mixture
cheers,
Alok Gupta
VC Forum Q&A :- I/ IV
Support CRY- Child Relief and You
|
|
|
|
|
Not digitally, just certified.
Henry Minute
If you open a can of worms, any viable solution *MUST* involve a larger can.
|
|
|
|
|
"Certified", or "certifiable"?
|
|
|
|
|
Well, since the former applies, so must the latter.
Henry Minute
If you open a can of worms, any viable solution *MUST* involve a larger can.
|
|
|
|