I assume you don't ship signed software. If you did, you might see things differently. Unless I've misunderstood, you've made this possible:
I release my software with my digital signature attached
A malware author downloads my software, extracts my certificate, and
applies it to his malware
- His software infects a user's machine and damages it. The user
discovers the infection, looks at the signature, **Wine says that the certificate is valid**, and the user blames me.
Please, either tell me I'm wrong, or make Wine honest about what it's telling the user.
No, you're not wrong, and this email was my attempt at being honest.
I'll point out that there are other avenues of attack that can lead Wine to "mislead" the user about who signed an executable. However, in my professional opinion, a signature on a binary isn't worth the bits its encoded in. Any software, signed or not, can contain vulnerabilities. With the size and complexities of today's software, and with signatures only being affixed to the largest and most complex software, I'll state that in my opinion it's the signed software which is more at risk than the unsigned software. If you believe a piece of software signed by Microsoft (or Apple, or...) is any more trustworthy than some random piece of code, you needn't look far to disabuse yourself of that notion.
Even so, an exploit is far more likely to target Windows, and perhaps to fail on Wine, than it is to target Wine. I'm not attempting to hide behind a security through obscurity defense. I'm pointing out that even if digital signatures meant anything--and I maintain that they don't--the probability of their being attacked in Wine is very low. Therefore, from a risk management point of view, there's no compelling reason to fix it. I may fix it someday, but as I said before that wouln't remove all code signing vulnerabilities from Wine, it would only remove this particular one.
If you disagree, patches are welcome. --Juan