
Rant Against High Cost To Code Sign Free Applications


It's great that technologies, like Adobe AIR, encourage software publishers to take responsibility for their software. It's too bad that the only way to do that is to pay protection money to overpriced certificate vendors.

I recently released my Air Server and Website Monitoring Tool for free. It's a nice widget to help me monitor all the various websites that I own, and it was a nice reason to learn how to use Adobe AIR.

One of the decisions that you have to make before publishing an AIR application is how to sign the application. I just read this article about Digitally signing Adobe AIR applications.

The article gives a good justification for why software tool vendors are adding code signing capabilities to their tools:

  • Code signing takes care of these scenarios by building customer confidence that what they're installing was created by the named publisher, and that the code hasn't been changed since that publisher signed it.

The choices for signing your application are:

  • Free: use a self-created certificate that flashes a big "UNKNOWN" publisher warning when users try to install the app (like the one on the right).
  • Expensive: use a commercial code signing certificate. These cost $300 or more, per year, per technology!

Using the commercial code signing certificate from companies like Thawte has all kinds of benefits, like annual fees, red tape, and not frightening your users who got up enough courage to even try downloading and installing your application. Thawte proclaims, "In a world of risk, know who to trust."

Here is some pricing, as of August 2008:

| Vendor | 1 year | 2 years | 1-year renewal | 2-year renewal |
|---|---|---|---|---|
| Thawte | $299 | $549 | $249 | $499 |
| Verisign | $499 | $894 | | |

Am I the only one who thinks that is outrageously expensive? The article on code signing mentions in more than one place that Verisign and Thawte are (maybe) the only choices if you want users not to see warning dialogs, because, as the article on code signing AIR applications points out:

  • However, only VeriSign and Thawte come pre-installed on most end user's machines (Mac OS X or Windows) and are trusted by the operating systems.... Using certificate authorities other than Thawte or Verisign is going to require that the end user (not the developer of the software), or a system admin charged with managing a computer on an enterprise network, manually install a root certificate for that certificate authority.

More of my rant here: The High Cost of Digital Code Signing Certificates To Give Away Free Applications...
