Brad Huntting writes:
Many Mac viruses that I've seen come straight from Microsoft neatly sealed in plastic on brand new disks. If they signed them it would not increase my confidence one iota.
How would getting Betsi to sign them increase your confidence? Betsi doesn't seem to claim to do any testing of the software, they just verify that it was really Bill Gates' company (in this example) that shipped the Microsoft product. BFD -- they can buy their own ViaCrypt PGP. I think people are missing my point: that having a third party sign your software without any testing (Betsi is free, after all) adds *nothing* except for a human-to-name mapping, and increases the risk of the signature being compromised. Now, there probably is a market for somebody who tests the software first and then certifies it -- in fact, that will probably be a big business in the future, one I can easily see someone like Cygnus getting into. But that's not what Betsi claims to do, and I certainly don't want to contemplate the legal issues (do you get your ass sued off when you're wrong? Almost certainly) involved with anybody trying to do that. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus@bb.com | you understand?"