Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Don't Bother Signing Your Code...

DZone's Guide to

Don't Bother Signing Your Code...

· Java Zone ·
Free Resource

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

Let's recap: my commercially distributed plugin is currently unsigned. I'm debating the question whether I should invest the time and money and sign the plugin. I published a poll last week on the subject and the answers are quite definitive. 

Here are the results:

  • 87% voted that they simply don't care.
  • 13% voted that they will check the website before proceeding.
  • Not a single vote claiming that he/she will never install an unsigned plugin. 
  • 79 people voted, out of 727 reads for the article. That's almost 11%. For comparison, the poll on XML handling got about 13% participation.  That's almost 20% more. As I see it: people that don't care are less inclined to vote. People who oppose will likely vote, to have their strong opinion heard.
My conclusion: don't bother because people don't care. 

If you still going to sign your code, go with Peter's tip and buy the certificate from Tucows. At $75, they seem to be the cheapest around and you get exactly the same certificate (they buy them in bulk...).

I still think there's a point in keeping the unsigned warning when installing such a plugin. Some people will check the origin to make sure it is bona fide. But then, again, I've never heard of a malicious Eclipse plugin. I guess there's always a first time...

From http://blog.zvikico.com/2010/05/dont-bother-signing-your-code.html

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Topics:

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}