<h2 id="q-can-i-redistribute-the-lamexp-software"><span class="header-section-number">8.2</span> Q: Can I redistribute the LameXP software?</h2>
<p><strong>A:</strong> Yes. LameXP is <a href="http://en.wikipedia.org/wiki/Free_software">free software</a>. You may modify and/or redistribute it freely, according to the terms of the <a href="GNU%20General%20Public%20License"><em>GNU General Public License</em></a>. However, be aware that it is <em>strictly forbidden</em> to bundle the LameXP program files and/or the LameXP installation program with any kind of Adware, Spyware or PUP (potentially unwanted program). Usually, <em>no</em> additional permission will be needed. If, however, you wish to redistribute the LameXP software in a way that does <strong>not</strong> <em>comply</em> with the license terms, a written permission by the author of the LameXP software is required!</p>
<h2 id="q-how-can-i-donate-to-the-authors-of-lamexp"><span class="header-section-number">8.3</span> Q: How can I donate to the authors of LameXP?</h2>
-<p><strong>A:</strong> At this time, the authors of the LameXP software do <strong>not</strong> accept any donations, in terms of money. If you wish to support the LameXP project, then you may do so by contributing translations, by improving the LameXP program code or by providing web-server capacity.</p>
+<p><strong>A:</strong> LameXP is a <em>non-profit</em> project. The authors of the LameXP software do <strong>not</strong> accept any donations, in terms of money. If you wish to support the LameXP project, then you may do so by contributing translations, by improving the LameXP program code or by providing web-servers.</p>
<h2 id="q-why-is-this-software-called-lamexp"><span class="header-section-number">8.4</span> Q: Why is this software called <em>LameXP</em>?</h2>
<p><strong>A:</strong> Originally, the LameXP software was created as a very simple <a href="http://en.wikipedia.org/wiki/Graphical_user_interface">GUI front-end</a> to the <a href="http://lame.sourceforge.net/"><em>LAME</em></a> MP3 command-line encoder. The original version of this software, released some time in 2004, did <strong>not</strong> support any encoders except for LAME, it did <strong>not</strong> support any input formats except for Wave Audio, it did <strong>not</strong> support any audio filters, it did <strong>not</strong> support multi-threading, it did <strong>not</strong> support Unicode file names and it did <strong>not</strong> handle meta information. Because the software was a front-end to LAME, because it was running on the Microsoft Windows operating system and because, back at that time, <em>Windows XP</em> was the most popular Windows version (by far), I decided to call the software "LAME front-end for Windows XP" – or, in short, <em>LameXP</em>. Note the most creative name, I have to admit. Anyway, more and more features have been added to the LameXP software over the years. Also, the software has been re-written from the scratch at least two times. Nonetheless, the original name of the software has been retained. This is partly because people have become used to that name, and partly because I simply haven't been able to come up with a better name…</p>
<h2 id="q-why-are-the-lamexp-binaries-not-digitally-signed"><span class="header-section-number">8.5</span> Q: Why are the LameXP binaries <em>not</em> digitally signed?</h2>
-<p><strong>A:</strong> They <em>are</em>! The official LameXP binaries <em>are</em> digitally signed, by <a href="http://de.wikipedia.org/wiki/Pretty_Good_Privacy"><em>PGP</em></a> signatures, using the <a href="">GnuPG</a><a href="http://de.wikipedia.org/wiki/GNU_Privacy_Guard">http://de.wikipedia.org/wiki/GNU_Privacy_Guard</a> software. However, the LameXP binaries are <em>not</em> signed in a way that the Microsoft Windows operating system recognizes. Note that Microsoft Windows does <strong>not</strong> recognize PGP/GnuPG signatures. For this reason, Microsoft Windows may show a warning when trying to launch or install the LameXP software. Microsoft Windows will also complain that the LameXP software originates from an "unknown publisher".</p>
+<p><strong>A:</strong> They <em>are</em>! The official LameXP binaries are digitally signed by <a href="http://de.wikipedia.org/wiki/Pretty_Good_Privacy"><em>PGP</em></a> signatures, created using the <a href="http://de.wikipedia.org/wiki/GNU_Privacy_Guard">GnuPG</a> software. However, the LameXP binaries are <em>not</em> signed in a way that the Microsoft Windows operating system recognizes. Please note that Microsoft Windows does <strong>not</strong> currently recognize PGP (GnuPG) signatures. For this reason, Microsoft Windows may show a warning when trying to launch or install the LameXP software. Microsoft Windows will also complain that the LameXP program files originate from an "unknown publisher", despite they <em>are</em> signed.</p>
<p>So why are the LameXP binaries not signed in the way Microsoft Windows recognizes? This is because Microsoft Windows uses a <em>hierarchical</em> trust model: Windows trusts into a number of <em>Certificate Authorities</em> (CA), which are built into the operating system. These CA's can issue signing certificates, e.g., to software companies. The software company can then use its signing certificate to sign their binaries. Finally, Windows will verify the signature by using the corresponding signing certificate. And the signing certificate is verified using the <em>built-in</em> CA certificate. However, this system is <em>flawed</em>: First of all, CA's do <em>not</em> create signing certificates for free. Also these certificates are only valid for a limited period of time. LameXP is a <em>non-profit</em> project and therefore we can <em>not</em> afford buying new certificates in regular intervals. Secondly, and even more important, the whole system depends on the <em>trustworthiness of the CA's</em>. But, as we all (should) know by now, these CA's can be forced to create "bogus" certificates, e.g. by intelligence services or other governmental organizations. Please also see <a href="http://blog.fefe.de/?ts=b25933c5"><strong>this</strong></a> blog post by "fefe" for an in-depth explanation.</p>
<p>If you want to verify the LameXP signatures yourself, then you may do so by using the <a href="http://www.gpg4win.de/">Gpg4win</a> software package, an easy-to-use distribution of the <em>GnuPG</em> software for Microsoft Windows. Of course you will also require the <em>public</em> key of the LameXP developers. The <em>finperprint</em> of the official GnuPG signing key is <code>3265784425BF2B394F67CE07106A413D6CF3FA22</code> and the corresponding public key block is provided in the following. If you are <em>not</em> familiar with the GnuPG software yet, please have a look at the <a href="http://www.gpg4win.de/documentation.html">Gpg4win compendium</a> or the <a href="https://www.gnupg.org/documentation/manuals.html">GnuPG manual</a>.</p>
-<p><strong>LameXP public GnuPG key:</strong></p>
+<p><strong>LameXP public PGP (GnuPG) key:</strong></p>
<pre><code>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.21 (MingW32)
## Q: How can I donate to the authors of LameXP? ##
-**A:** At this time, the authors of the LameXP software do **not** accept any donations, in terms of money. If you wish to support the LameXP project, then you may do so by contributing translations, by improving the LameXP program code or by providing web-server capacity.
+**A:** LameXP is a *non-profit* project. The authors of the LameXP software do **not** accept any donations, in terms of money. If you wish to support the LameXP project, then you may do so by contributing translations, by improving the LameXP program code or by providing web-servers.
## Q: Why is this software called *LameXP*? ##
## Q: Why are the LameXP binaries *not* digitally signed? ##
-**A:** They *are*! The official LameXP binaries *are* digitally signed, by [*PGP*](http://de.wikipedia.org/wiki/Pretty_Good_Privacy) signatures, using the [GnuPG]()http://de.wikipedia.org/wiki/GNU_Privacy_Guard software. However, the LameXP binaries are *not* signed in a way that the Microsoft Windows operating system recognizes. Note that Microsoft Windows does **not** recognize PGP/GnuPG signatures. For this reason, Microsoft Windows may show a warning when trying to launch or install the LameXP software. Microsoft Windows will also complain that the LameXP software originates from an "unknown publisher".
+**A:** They *are*! The official LameXP binaries are digitally signed by [*PGP*](http://de.wikipedia.org/wiki/Pretty_Good_Privacy) signatures, created using the [GnuPG](http://de.wikipedia.org/wiki/GNU_Privacy_Guard) software. However, the LameXP binaries are *not* signed in a way that the Microsoft Windows operating system recognizes. Please note that Microsoft Windows does **not** currently recognize PGP (GnuPG) signatures. For this reason, Microsoft Windows may show a warning when trying to launch or install the LameXP software. Microsoft Windows will also complain that the LameXP program files originate from an "unknown publisher", despite they *are* signed.
So why are the LameXP binaries not signed in the way Microsoft Windows recognizes? This is because Microsoft Windows uses a *hierarchical* trust model: Windows trusts into a number of *Certificate Authorities* (CA), which are built into the operating system. These CA's can issue signing certificates, e.g., to software companies. The software company can then use its signing certificate to sign their binaries. Finally, Windows will verify the signature by using the corresponding signing certificate. And the signing certificate is verified using the *built-in* CA certificate. However, this system is *flawed*: First of all, CA's do *not* create signing certificates for free. Also these certificates are only valid for a limited period of time. LameXP is a *non-profit* project and therefore we can *not* afford buying new certificates in regular intervals. Secondly, and even more important, the whole system depends on the *trustworthiness of the CA's*. But, as we all (should) know by now, these CA's can be forced to create "bogus" certificates, e.g. by intelligence services or other governmental organizations. Please also see [**this**](http://blog.fefe.de/?ts=b25933c5) blog post by "fefe" for an in-depth explanation.
If you want to verify the LameXP signatures yourself, then you may do so by using the [Gpg4win](http://www.gpg4win.de/) software package, an easy-to-use distribution of the *GnuPG* software for Microsoft Windows. Of course you will also require the *public* key of the LameXP developers. The *finperprint* of the official GnuPG signing key is ``3265784425BF2B394F67CE07106A413D6CF3FA22`` and the corresponding public key block is provided in the following. If you are *not* familiar with the GnuPG software yet, please have a look at the [Gpg4win compendium](http://www.gpg4win.de/documentation.html) or the [GnuPG manual](https://www.gnupg.org/documentation/manuals.html).
-**LameXP public GnuPG key:**
+**LameXP public PGP (GnuPG) key:**
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.21 (MingW32)
OSDN Git Service
