Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Sign Windows Application #62

Open
godofecht opened this issue Dec 4, 2024 · 7 comments
Open

Feature Request: Sign Windows Application #62

godofecht opened this issue Dec 4, 2024 · 7 comments
Assignees
@gorillamoe
Labels
enhancement New feature or request windows Only relates to Windows

Comments

@godofecht
Copy link

I think the Windows binaries could use code-signing. I tried to get someone else to download and install Bananas on their system and they freaked out at the Security Prompt.
@gorillamoe
Copy link
Member

gorillamoe commented Dec 4, 2024
edited
Loading

Is on the roadmap, but it's quite a challenge to get one from Microsoft (which will probably cost around 120 USD per year), so either you have to be patient, or someone chimes in and pays the 350+ USD per year that a EV signing certificate for Windows costs.

@gorillamoe gorillamoe changed the title Codesigning, anybody? Feature Request: Sign Windows Application Dec 4, 2024
@gorillamoe gorillamoe added enhancement New feature or request windows Only relates to Windows labels Dec 4, 2024
@godofecht
Copy link
Author

I could sign handle a Windows build with my EV certificate if you'd like.

@godofecht godofecht reopened this Dec 4, 2024
@gorillamoe
Copy link
Member

I could sign handle a Windows build with my EV certificate if you'd like.

I would refrain from signing it manually. It should be part of the CI/CD. The complete flow of creating the releases should be visible to everyone and signing it manually would break the trust and visibility chain.

That said, there is nothing stopping you from signing it and passing it to "someone else", so they don't get the security prompt.

@godofecht
Copy link
Author

godofecht commented Dec 4, 2024 via email

@jssuttles
Copy link

I was looking through Reddit and found this: https://signpath.org/
https://www.reddit.com/r/opensource/comments/nl5u79/is_there_fossfriendly_certificate_authority_to/

@gorillamoe
Copy link
Member

I was looking through Reddit and found this: https://signpath.org/ https://www.reddit.com/r/opensource/comments/nl5u79/is_there_fossfriendly_certificate_authority_to/

Thanks, did not know about this. Will look into it. It might be a good fit for us!

@gorillamoe gorillamoe self-assigned this Dec 7, 2024
@gorillamoe
Copy link
Member

Filled out the form, and created the PDF from it (which was quite a hassle, because of the form layout) and signed the PDF and sent it to the mentioned e-mail-address. Let's hope for the best.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gorillamoe gorillamoe

Labels
enhancement New feature or request windows Only relates to Windows
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gorillamoe @jssuttles @godofecht