bjg wrote:Do you sign the whole (modified) file or just the executable part?
Signing gets tricky. But these days, it seems like you really *need* have a digital signature on any executable (downloaded installer or otherwise), or else most security software will go nuts with warnings, etc. So we do sign both the game exe's and the user-customized installer. That actually ruins what would otherwise be a pretty efficient server backend -- because to sign the installer, we need to copy the (user customized) installer bitstream to disk, run the 3-rd party signing software, and then read it back into memory.
That's part of the reason why it's useful to keep the initial installer download small -- quickly generating a digital signature for a 3mb installer exe is a lot more practical than doing the same thing with a 3gig data blob.
Of course, when the GoG distro rolls out (which looks like it will happen soon), they'll probably be distributing 3gig data-blobs with no user customization whatsoever. Interestingly, while the GoG distro strategy avoids putting any user info in the initial downloaded, they've given us a bunch of tools to gather user info from anyone who has GoG galaxy *installed* on their machine (Galaxy doesn't even need to be running for this to work: a fact which confused me for a while there when I was writing up the GoG support hooks).