[mjard]

> Is it actually possible for everyone to sign their executables? Last time I did it, I had to fork over something like $250/yr for a signing key along with providing copies of various documents. This seems a little high for someone who just, say, wants to make free utilities available to the world.

No, it's not. If you sell programs, then forking over the $250 a year makes sense. If you give away programs, well, is it a loss if a user is scared off? (Serious question)

> In the case of Firefox, one would think it would be possible for you guys to do something about it on your end.

In the end, this is what we did. But it is impossible to do this for everybody.

> because you're the ones who added this reputation system that's causing users grief.

Oh boy. We did keep stats on this. Files that the reputation system scored to be "bad" and were later vetted. All in all, the reputation system works really well. There are some false positives and those do cause grief, but a majority of the time, the system blocks legitimately bad software.