Sign the installers
Petar
Petar
Thu Jun 28 06:27:48 UTC 2018
On Thursday, 28 June 2018 at 05:57:36 UTC, Seb wrote:
> On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
>> Hey people,
>>
>> So I had a few people in the office refuse to install DMD
>> because when
>> they launched the installer, Windows displayed the prompt that
>> it was
>> untrusted (ie, unsigned) and not offer the install button
>> without
>> manual override.
>> True also for VisualD.
>>
>> Can we get a key and start signing the install packages?
>>
>> It would be super-cool to sign the 2.081 release since it's
>> like, imminent ;)
>>
>> - Manu
>
> For the record, the releases are already signed:
>
> http://downloads.dlang.org/releases/2018/
>
> dmd.2.080.1.windows.zip.sig
> dmd.2.080.1.windows.zip
> dmd.2.080.1.windows.7z.sig
> dmd.2.080.1.windows.7z
>
> Though I know that a PGP signature isn't what you are looking
> for ;-)
Yes it is not. What is needed is for the D Language Foundation to
obtain a code signing certificate from a trusted by Microsoft
certificate authority and then to sign each individual .exe and
.dll part of official realease both in the .7z archive and then
the .exe installer as a whole.
See also:
https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85)
https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
More information about the Digitalmars-d
mailing list