Page 1 of 1

Scary Download Message

Posted: Sat 29 Jul, 2017 9:21 am
by Programmer
If you click on any of the download links on the downloads page at the moment you will see a scary looking message similar to this (depending on what browser you have):

Download Message.jpg
Download Message.jpg (43.65 KiB) Viewed 1067 times


This is because I have stopped digitally signing the files as of 28 July 2017 when my last certificate expired until further notice. The reason is it has become a lot more expensive to renew. The expensive part is not the code signing certificate itself but the identity verification process. There used to be a company that offered a postal verification service and it was relatively inexpensive, but they have now gone and the remaining companies all require in person identity verification. If I lived in the USA this would not be a problem because it would be enough to get a certificate from any attorney or public accountant. But the companies that issue these certificates only recognize a couple of notaries for this purpose in Spain. The nearest one to me is in Madrid which means I would have to take a day off work to do this. Even after getting the certificate I would then have to pay an approved translator to get it translated into English before they would look at it. So adding together the cost of transport, the notary fees, the translation fees and the opportunity cost of a day's lost work it is getting a bit prohibitive. If it were a one off all-time expense I would think about it but this is a process which you have to repeat periodically to keep the certificate valid.

I am trying to look for a way round this issue but in the meantime please be assured that the program and all the rest of the downloads are exactly the same as they were before I stopped signing them. Thanks and sorry for the inconvenience!

Re: Scary Download Message

Posted: Thu 21 Dec, 2017 4:18 pm
by Programmer
Just as a follow up to this, back in September I decided to bite the bullet and do and pay whatever it takes to get the software verified again. I have been working on it since then, hopefully by February 2018 there should be some kind of breakthrough, the sticking point at the moment is trying to obtain the correct, audited documentation from my telephone provider in Spain to satisfy the demands of the US certification authority. Anyone who is understandably reticent about downloading because of the scary messages should keep checking back. Sorry again for the inconvenience.

Re: Scary Download Message

Posted: Thu 21 Dec, 2017 4:52 pm
by WebWeaver
Good luck. As someone who uses a lot of Open Source & small developer software, I'm very used to seeing it. However for those people who don't use downloaded programs, I could see how they might be a bit scared.

Happy Solstice!

Re: Scary Download Message

Posted: Sat 27 Jan, 2018 2:42 pm
by Programmer
I am happy to say I finally got my identity verified to the satisfaction of Comodo which is one of the companies that issue code signing certificates. So I am back to digitally signing all my executable files and there should be no more scary download messages about the program being a potential threat (allowing for a bit of caching on the server anyway). Yea! (H)