I need help from the QuickHash-GUI user base.
In 2018, I launched a poll to try and determine how many of the users would want (and be willing to pay for) a code-signed version of the QuickHash-GUI executable. The poll suggested a significant percentage would, either because they worked in corporate IT, where running unsigned software was tricky, or because they just valued code-signed software more than unsigned software.
So, I bought a code signing certificate from DigiCert for $250 and made code-signed versions available to buy for £1.99. I made the money back, just, but not by a huge majority.
This year I’ve examined the number of downloads of the unsigned software compared with the signed software. To date there have been about 30K downloads of the unsigned software compared to about 125 signed. That means about 0.4% of the user base of QuickHash-GUI paid £1.99 for the code-signed copy.
Well, that certificate expired a few months ago, and v3.1.0 of QuickHash is ready for release. But without a new code signing certificate, I can’t make the new version available as a signed release. DigiCert now expect nearly $500 for a standard certificate. On the face of it, I don’t think it’s worth me buying another, given the ratio of downloads mentioned above. But then again, it’s nearly a year further on since I last asked the question and I don’t really want my users to not have the choice of getting a code-signed version if they want one.
One solution might be to charge a bit more for it. But then if not that many people bought it at £1.99, how many more will buy it if I charge more like £10? It’s a difficult question to try and guess about, and I don’t really want to be $500 poorer!
So please use the comments below to express your views and let me know what you think. I need the opinions of the users to best answer this one. Shall I just release v3.1.0 with no code-signed option? Or shall I buy a new certificate and make code-signed copies available? Let me know, folks.
Ted
I’m not a Windows user myself, but I probably wouldn’t care about it myself.
And I definitely wouldn’t pay (more) for the feature.
Many thanks for the note. I certainly have not had many e-mails, since I discontinued offering the code-signed version, asking me to make it available again. One or two here and there but not enough to justify it.
I don’t personally need a signed version.
I’d like to see a PGP-signed version which might satisfy some of the corporate people. It’s kind of a half step.
Can’t you get a cheaper cert? Thawte, for instance, advertises $299 (£242) for 1 year and $520 for 2 years.
You’re right, Bill… cheaper options do exist. But I like DigiCert for its reputational aspect and Symantec alignment. I could get a Comodo one for about $150 per year. But I gather the wait times and application process are more drawn out. The issue I have overall is whether it is worth it overall. The last year or so has shown to me that most people don’t want it, or at least are not prepared to pay even just a few dollars/pounds for a code-signed copy. And if that is the case, then it begs the question as to why bother at all? Yet, before I first made a code-signed copy available, I got quite a few, and quite frequent, requests for code-signed copies due to security alerts and even some anti-virus false positives, which did not help reputationally, at all.