cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
thesideline
Level 2

Question about code signing

When creating our MSI installer, we are signing our code but is it standard practice to also sign code that is not ours but will be included in our installer? For example, there are some system DLL's and OCX's that we distribute that are not ours but are not signed. Should we be signing them when we distribute?

Thanks in advance.
Doug
Labels (1)
0 Kudos
(1) Reply
MichaelU
Level 12 Flexeran
Level 12 Flexeran

That is a question of your policy, and of the licenses under which you distribute the third party code. Often you are not allowed to modify a third party's redistributable, in which case you should not be signing it. Furthermore the implications of signing their code is that you are certifying it to be what you represent it to be - that's not something I'd want to do.

If you're trying to sign PE files so you can get Vista Logo certification, however, you may evaluate the choices differently; however the ideal case is if is to get the third party source to sign their files, and then you can redistribute them already signed.
0 Kudos