No HTTPS?

Isn’t it a bit worrisome that this site isn’t served over HTTPS? A site where you can download a binary blob that needs elevated privileges to run? I mean, I don’t want to run the SDK setup this way; as far as I can tell, I can’t really trust it.

(Meanwhile I’ll just try to build it from source or something.)

1 Like

Hi @Wieke.

I’ve never really been concerned about it myself.

Once we can find the time and money to pay for the certificate and set things up we’ll get it done.

That is always your best bet if you’re concerned about the security of things.

@Tom You can get a free cert from a new open CA that formed:

Now it’s just a matter of the time part… :slight_smile:

2 Likes

Even if downloaded from https, you can’t be 100% sure of what you download. Anyone can have an https with free certs, so what can make an app the “true” one, as the file is independent from https?
When you download an app, it is at first a matter of trust in the publisher or not.
The one and only one you can (or not but this is another debate) trust is your antivirus.

That is really cool… I had not heard of this. Thanks for the link.

Well on that subject we’ve been needing to start signing our Windows installer with our own cert. That should sort of help a bunch with trust in the installer and its content.

I would avoid using an unfamiliar brand… would give the site an unprofessional look and feel…

If at all possible, can we run a Website Fund each year so we can contribute towards the server costs and SSL? Like $1/£1+

I am aware of the donations page which I plan to use soon, but we could have a more direct fund for these things… I am aware it can hit some costly certificates as you will require a wildcard certificate as you are using subdomains [Something I avoid for this very reason]

GlobalSign is the most common certificate provider I believe… oh and VeriSign… windows.com uses that one…

Hope that helps…

If you are referring to Let’s Encrypt, I wouldn’t say it’s an unfamiliar brand. It’s not yet very widespread, but it’s supported, sponsored and developed by companies like Mozilla, Facebook and Google.

1 Like

@Jjagg Oh that project… I see… still… not a reason to trust it… but then who the heck are GlobalSign and VeriSign anyway :stuck_out_tongue:

Yup I float both boats :slight_smile:

The problem looks to be that of hosting compatibility…

Even though I have known you @Jjagg a short while you got me to take a look at that site, I am less inclined to visit random sites these days… which is why I did not look at it earlier… got used to this manner from a previous forum…

Any luck with it @Tom? I can take a closer look at the documentation if it helped…

@MrValentine The cert you use for SSL / TLS in no way affects how the site looks. I would wager <1% of users click to view the specifics of a cert to see who generated it. From a consumer perspective, it doesn’t matter if the cert is from Verisign or xyz.

What matters most for certs is if the CA is bundled with the browser. This determines if you see the typical green (for EV certs) bar or padlock vs a warning symbol (for an unknown cert). From looking at this page:

It seems their certs are compatible with almost all current browsers (older ones might not recognize it).

However… If you think we can raise the money for a Verisign cert… then go for it… but Verisign certs are notoriously more expensive than certs need to be :slight_smile:

1 Like

The thing is some hosts give a free SSL with the hosting service too…

As we do not know anything about the MG hosting service we cannot comment further on that subject…

But yeah as I mentioned, if there were more direct ways to fund MG I think some of us on the community would do it…

Even if a Kickstarter were run once a year, I for one would be more than willing to contribute to it, at least $/£10 minimum… perhaps we can get t-shirts or posters in return, or at higher levels $/£500+ we can get some support time from the MG team in our projects? and it can be set to something like $/£250-500 as a target… I don’t know, but I think for something that is as useful as MonoGame is, I think it should have some form of support aside from the donate page… just to kick things into higher gear such as SSL, some support from Discourse for patching the forum up and enhancing it… these are not cheap either… but a good community deserves good tools!

OKOK Evangelism mode off… :innocent::blush: