
Maybe I'm too proud of my work to give in to certificate blackmail??


That's nice, but you can't eat dignity. :P


But you can hold yourself to higher standards.

My family taught me to always do the right thing, which, most of the time, is neither the most convenient nor the most profitable.

It should be trivial to provide a free binary signing service that required some steps to prove the person (or website) is the person asking the binary to be signed (much like Google asks me to upload a file or set up a DNS record) and match the file signature to the URL of the download. Let's not forget everyone who would rely on it already paid for a license of Windows.

Of course, this would probably kill download sites, but the internet would be better off without them anyway.


It's possible that the reason Authenticode doesn't work like this is legal rather than technical: it was deployed at a time when Microsoft was already subject to considerable regulatory scrutiny for a wide variety of alleged anticompetitive practices, so, independent of motivation and technical merits, scary warnings about third-party code not "certified" by Microsoft may have been legally ill-advised.


That's exactly my point. This is clearly an issue of business and not "pride", so the whole "pride" argument to shame someone into a business decision is really questionable.


Well, clearly it would be an issue of "pride" if you'd be too proud to cave in to "certificate blackmail" as you call it.


I read that as a response to the parent - "If you are proud of your work, sign it" - pointing out that "pride" could reasonably cut either way, so it's a spurious argument in the first place.


Hope you're proud enough to see 50% dropoff rates like this guy then.



