Given that signtool is used to sign and verify software objects, customers
should be able to trust that they have a version of signtool that they can
trust - otherwise object signing doesn't make sense.
I would like to propose that iPlanet/Mozilla.org, digitally sign the binary
and source distributions of signtool and make them available on your web
Additionally, allow customers to be able to buy an official CD-ROM from
iPlanet/Mozilla.org with signed versions of the signtool binary and source.
This way customes won't have to trust the websites, if they prefer to trust
official CD-ROMs from the company.
marking signtool bugs as future until 3.3 plan is ready.
Set Target Milestone to NSS 3.3. Assigned the RFE to
Bob for evaluation.
Signing out distribution in general would be a good idea, just not for 3.4.
Changed the QA contact to Bishakha.