The new version for windows does not seem to be signed/certified. Will we be getting a signed version soon?
When you use KeePass you are entering into a direct trust relationship with the KeePass authors. You can verify the authenticity and integrity of a downloaded version of KeePass by confirming a match between the Hash published by the authors with a computed Hash of your downloaded version. For details see http://keepass.info/integrity.html.
Various other signatures and keys to verify your download are available via links at the bottom of the downloads page.
KeePass releases are not signed with a commercial digital certificate or certified by a certificate authority. For an explanation of code signing see http://msdn.microsoft.com/en-us/library/ie/ms537361%28v=vs.85%29.aspx.
I see. When I launch the 2.26 setup it prompts me that it is not signed. This does not happen when I launch the 2.25 setup. I suppose this could be because I have previously allowed it to launch in the past.
The warning messages also display on current OSes with earlier version KeePass setups (e.g. 2.25).
You probably need to right click on KeePass-2.26-Setup.exe, select Properties and Unblock.
But what is there against signing the application and installer with a certificate?
For open source it can be get, free here:
I think that's easier than manually checking md5 or something else.