Digitally Signed Binary #258
Comments
|
See #170 |
|
But since windows 10 is out it would be good to keep chocolatey up to date as people can use that as package manager now. |
|
What is the benefit to sign it in this case? About the version on chocolatey, I plan to release a new one but there are still some important issue that I need to take care of before. |
|
I'm not sure if it is my job to explain why would it be beneficial to sign a binary that is distributed through unsecure channels and which can act as a local webserver. The benefit would be improved securtiy and better interoperability with Applocker. |
|
My question was misleading, I know the benefit of code signing but I never had the need for a small tool to be signed. A majority of small tools available on the web aren't signed. And there is also the cost: a certificate isn't cheap, I can't spend 100$/year for every projects I work on. |
|
The fact that it is a small tool doesn't make it any less prone to be tampered. |
|
You've got a point and I think I found the lower price for code sign certificate for open source project at Certum. So the code sign will happen but I can't say when. |
|
I'm not a fan of strong naming. @urmajom You can always use Strongnamer: https://github.com/dsplaisted/strongnamer |
|
I think that @urmajom was talking about code signing and not strong naming. |
It would be nice to have an official, signed binary to download.
The text was updated successfully, but these errors were encountered: