Would it be appropriate for Oxygen to sign third-party code though? This seems like just working around a problem.