Digitally Code Signing: Legal Consequences?



Arie Rens
06-04-2012, 04:07 AM
When I add a digital code signature to a program, what are the legal consequences of this? I know it makes me (or rather my company) the software publisher of the program, but does it have copyright consequences? Do I become the manufacturer of the software who can be held responsible for the software?

The background information is that my company maintains a software program for an international organisation, which holds the copyright for the software. Should the software be digitally signed by my company, that actually creates it, or should it be digitally signed by the (copyright) owner of the software?

Best regards,

Arie

linder
06-04-2012, 04:25 AM
Arie,

You have to check this with a lawyer (it depends on different factors). But in general, if you code-sign ("sign") a file then you take over responsibility. For example, if the 3rd-party file contains a virus (or has some code embedded that formats a hard-drive) and you code-signed it then you are responsible because YOU (and not the 3rd-party file vendor) signed it.

And quite a few license agreements do not allow you to "change" the binary contents of a file. Code-signing changes the binary contents and so you have to make sure that you have the legal rights to code-sign the files.

BTW, I would never ever code-sign any 3rd-party component.

Friedrich