Update FAQ document.

This commit is contained in:
LoRd_MuldeR 2013-10-27 19:43:19 +01:00
parent 3b0577c733
commit bff76873d0

View File

@ -30,6 +30,7 @@ a:visited { color: #0000EE; }
<li><a href="#de1c5e44">What license is LameXP released under?</a> <li><a href="#de1c5e44">What license is LameXP released under?</a>
<li><a href="#303e5fa7">Do I have to pay for LameXP? / How can I donate to the authors of LameXP?</a> <li><a href="#303e5fa7">Do I have to pay for LameXP? / How can I donate to the authors of LameXP?</a>
<li><a href="#e75ad4ac">Why is the thing called "LameXP" although it does so much more?</a> <li><a href="#e75ad4ac">Why is the thing called "LameXP" although it does so much more?</a>
<li><a href="#f8161df3">Why are the LameXP binaries not digitally signed (seemingly)?</a>
<li><a href="#054010d9">MP3, AAC/MP4, Vorbis, FLAC or Opus - What is the best audio format?</a> <li><a href="#054010d9">MP3, AAC/MP4, Vorbis, FLAC or Opus - What is the best audio format?</a>
<li><a href="#411d1257">What is the difference between the CBR, VBR and ABR rate control modes?</a> <li><a href="#411d1257">What is the difference between the CBR, VBR and ABR rate control modes?</a>
<li><a href="#71a113b0">How do I enable AAC/MP4/M4A output (encoding) in LameXP?</a> <li><a href="#71a113b0">How do I enable AAC/MP4/M4A output (encoding) in LameXP?</a>
@ -252,6 +253,105 @@ So to make a long story short: The name has historical reasons and probably isn'
<br><br> <br><br>
<a name="f8161df3"></a><b>Why are the LameXP binaries not digitally signed (seemingly)?</b><br>
<br>
The official LameXP binaries *are* signed digitally, using GPG/GnuPG. They just are NOT signed in a way that<br>
Microsoft Windows recognizes. For this reason, Microsoft Windows may show a fat warning that the program is<br>
from an "unknown publisher", when trying to install or update LameXP. But you can ignore this warning safely!<br>
<br>
So why LameXP binaries are not digitally signed in the way Microsoft Windows recognizes? This is because<br>
Microsoft Windows uses a *hierarchical* trust model: Windows trusts into a number of Certificate Authorities<br>
(CA's). These CA's issue certificates to, e.g., software developers. Finally, the software developer can use<br>
his certificate to create digital signatures. Windows will then verify the software signatures by using the<br>
corresponding certificate. The certificate, in turn, will be verified by checking the CA's digital signature.<br>
<br>
Unfortunately, this process is fundamentally flawed, because it totally depends on the CA's trustworthiness!<br>
But, as everybody should know by now, CA's can *not* be trusted at all! That is because intelligence services<br>
and other governmental organisations can force CA's to issue "bogus" certificates! Windows would then accept<br>
these "bogus" certificates and all software signed by it. In other words: The software will appear to have a<br>
valid signature create by the legitimate owner of the certificate - despite it was signed by sombody else!<br>
<br>
So what can we do? We can use GPG/GnuPG, which is *not* flawed in this way! GPG/GnuPG uses a so-called "web<br>
of trust". This means that you *only* trust into keys that you have either verified yourself or that someone,<br>
whom you trust already, has verified. Most important, in GPG/GnuPG it's always YOU who decides whom you want<br>
to trust or not. There is *no* centralized "authority" required or used. Consequently, intelligence services<br>
and other governmental organisations will *not* be able to create "bogus" GPG/GnuPG keys, unless they can<br>
break the cryptographic algorithms (DSA, RSA, etc. pp). But in the latter case, we would be doomed anyway ;-)<br>
<br>
LameXP only trusts into a signle public key, which is the public key of the LameXP developers. This key is<br>
built into any LameXP binary. LameXP will use that key to verify the signatures of any updates (downloads)<br>
prior to installing them on the computer. Thus, once you have a genuine copy of LameXP installed, you can be<br>
sure that only genuine updates of LameXP will be downloaded/installed by the LameXP auto-update utility.<br>
<br>
<br>
Addendum #1:<br>
<br>
Another important fact to understand is that digital signatures do *not* provide any information about the<br>
security or dependability of a software. If a program contains a valid digital signature, it can be verified<br>
that this program really originates from the person/organization who has signed the binary. But that's it!<br>
There can be bugs and security vulnerabilities in a signed piece of software, just like in any unsigned piece<br>
of software. There even is nothing that would prevent an attacker from digitally signing malware programs!<br>
Though, the certificate (public key) of a malware author would hopefully(!) be revoked sooner or later.<br>
<br>
<br>
Addendum #2:<br>
<br>
In theory it would be possibe to add a digital signature that Windows recognizes to LameXP, just to get rid<br>
of the warning message. However, this would require a code signing certificate from one of the CA's that<br>
Windows accepts. But CA's don't issue certificates for free! They sell at approx. 150€ per year. But, because<br>
LameXP is a non-profit OpenSource project, the developers can NOT afford buying a code signing certificate.<br>
<br>
If anybody is willing to contribute a code signing certificate to the LameXP project, please contact us! ;-)<br>
<br>
<br>
The finperprint of the LameXP GPG/GnuPG signing key:<br>
<font class="code"><b>3265784425BF2B394F67CE07106A413D6CF3FA22</b></font><br>
<br>
The complete LameXP GPG/GnuPG public signing key:<br>
<table class="code"><tr><td>-----BEGIN PGP PUBLIC KEY BLOCK-----<br>
Version: GnuPG v2.0.21 (MingW32)<br>
<br>
mQGiBEp0LDgRBACbZhtVHbb4tWlJCCxQ3eH9TQ3zUYrI2UHN94Yk8MJGEO1Fxigg<br>
smUAeGRmHKpH24VCB/MaHef83fd3bu2yHSf8xgWe90hZR1pLLfmtxqN1SZu/YlJx<br>
y4LOcxEwSc3P09cDL112fEFKs36d7OPYR6DXk75hWRwsnd0snJEnDHMVKwCgqCsn<br>
9y5rxTeH32sNytkdMMijkD0D/RrNZiCr/uQcT695oLsYkemNQzbN+hd5bmkkXnRi<br>
H27kHeeY1G1zLLFfTk7yKm7UZrTpMYxCXS80ORs9RF9rL8bnzzSiBAIHEz4uc5SD<br>
oH7K3Y526SZ4m4GOLnlVTisd9FXpm0YHB/MXMRrNLZbSzveS3pOEmRny0yeI13cU<br>
y8tqA/4xjW2DPlwB7lIUOcPyXa9pmAkLApCYF4CwUwKw4df6s+4txWkvuD0cJlli<br>
nPK7B7SrMv5c2Eg2UQWpF0WN+s8IqX3eoJ1CI+oBVZVWZMhC+Vojz8K0tIkHWZh7<br>
sy/gUk6XApTN8Ce/xbuMgDhfqxUXzkGzpvR9FJ0Y0R7kNgReUbQzTG9SZF9NdWxk<br>
ZVIgKGh0dHA6Ly9tdWxkZXIuYXQuZ2cvKSA8bXVsZGVyMkBnbXguZGU+iGAEExEC<br>
ACAFAkp0LDgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAQakE9bPP6IqKr<br>
AJ4541p84C0jD/MdL1akNsUtAQOBrwCcDAumPHDCj7wfmmeY/KN+jOmrp8G5BA0E<br>
SnQsOBAQAIy8TJYBYPxVtq8ENPs5qpLv+g3RRc/0TLaimaZGGdbsvANCswgNlxrK<br>
spAb2IFC8Y85jl7PusdXhC89q1gP5cfb6WLzFggRZt6UEE3dJ+aBuKSu+k+y1n/v<br>
R8oHpptIq3leonG5dXte5ZAYg+ID7DZz2QWgu4oWeDnUl945DLSCGj4vuT5sY/wi<br>
zNv6PV2E0Bl+HIwkzlwHa9vYRPx84FL9eFM7llJdH5TYQZ+VkdqKIfAUWwXsDeqD<br>
7YviIWLBbDxCtgfVB7sGYRZltMO9Nir7igO8SxOawkuBtLzU2ZbevBOSZmxami33<br>
E2oAGWtcXGhKHMy7vPOQKfShcf2N0QMhNDSR54nxuu3/BW9diwYubJCkbkP/gv7g<br>
GU/0eVWp19LeQN92zcmRN0JcJtu71T6Pcel9ZttEy/xyNyOrqhMP7vDd2sExwsYZ<br>
VUqlOg7hA++TMCmNcxLQgWlb7tJxhNr4pBkJiX6Guu8/3fhQ0If99ZlpeCpmMJFN<br>
kvhgFMWtCVPk5u1i/lwXsSoRcRXIfbRAcBqVEe5mgcyBBQZCoK2kQ8qt7Zol6/Lu<br>
9GsY/ag4elArck1EtlK0fxpVUsEskTR2Yw7hY/upPGfI22Wzzfg6WlwaYysyONfF<br>
ecoKS+ZaXVQ9BDAtRDKSD2yXkYDngJLDcbOTOPLxfDP/dKthqzkXAAMFD/0W/s64<br>
tsIju1IGE8uQt1fIZECV8M8HJeVatNEVJyPDrS/WIO0vqedxhod6qpF1UwPBG1gw<br>
WKe7nPhFoBzDayK92umEXUng0nQYmFUJWk7PXI751R1VFVgrbVw+LM2zy0/WRClh<br>
2qUWv+q6JuK56NooPx3sgAE4uuGoiRi8qt8eNuu6FP90LUKo0t9mMEyVAHJdQbcm<br>
tMFFU5K3+UehVYgosfplmLt5wpAs5GjqQSmeXA1DhvXNlPBBVn/tTSqGTw5+boqv<br>
lfwHgLJOqae3GH+HZ1ega2/qb5PFVZRpV9PrRh38IRe0ZM0Y0yQtlhUPywksD8UM<br>
KttadTHcBW4O/EZCEAOg69fc52mDs5GykJoXCOLsEc3/x2YJk8hvID3gR+qX/wxX<br>
WDTVY0KL1IC+xo4Y3BxKXHd8EPhOyR52mHm6BvVE/bbMeQjTF0pPjqIL1iM23crA<br>
Z9oYAtzYTOYyjtzx7SzY0SU+0jB7k7akr70vlbNR+Hk5iAR43MFoE5LyQpsmaUob<br>
W8WwGwTUabrs0KXXNC6OotfZqylL+cgn+STDdmGLiW0rw7Yv6CxR+ZW77yiWHYam<br>
TXY0hzq4U/9NnWwgCJErG5qausG8YidfDHenKIwZfc36d/bm6FSv5XGxShM7J4aO<br>
uhZnmF9iIfovqAe60soJ+uH6UOnxEB6LHZNhiohJBBgRAgAJBQJKdCw4AhsMAAoJ<br>
EBBqQT1s8/oi0RsAniNAOQRb8roflIOXVmeW3uB50RVtAJwLS5O19VD1W0HxjNZ6<br>
sE7XdEZn+w==<br>
=WDwE<br>
-----END PGP PUBLIC KEY BLOCK-----</td></tr></table><br>
<br><br>
<a name="054010d9"></a><b>MP3, AAC/MP4, Vorbis, FLAC or Opus - What is the best audio format?</b><br> <a name="054010d9"></a><b>MP3, AAC/MP4, Vorbis, FLAC or Opus - What is the best audio format?</b><br>
<br> <br>
This question can NOT be answered in general. The best audio format is the format that works best for you!<br> This question can NOT be answered in general. The best audio format is the format that works best for you!<br>