Sign the installers
Patrick Schluter
Patrick.Schluter at bbox.fr
Thu Jun 28 05:29:54 UTC 2018
On Thursday, 28 June 2018 at 01:34:22 UTC, Jonathan M Davis wrote:
> On Wednesday, June 27, 2018 17:59:42 Brad Roberts via
> Digitalmars-d wrote:
>> On 6/27/2018 5:34 PM, Jonathan M Davis via Digitalmars-d wrote:
>> > On Wednesday, June 27, 2018 17:26:36 Manu via Digitalmars-d
>> > wrote:
>> >> I guess people feel nervous about installing allegedly
>> >> potentially dangerous software on their corporate
>> >> workstation.
>> >
>> > Honestly, that's exactly the sort of thing that I always
>> > ignore. I'd pay
>> > attention if anti-virus software outright said that it found
>> > a virus,
>> > but
>> > "unrecognized software?" That's exactly the sort of thing
>> > that's just
>> > going to get me pissed off at Microsoft for getting in my
>> > way. Though
>> > honestly, Microsoft pops up so many useless messages that it
>> > becomes
>> > easy to miss any that actually matter, because you have to
>> > skip through
>> > so many of them all the time that you stop paying attention
>> > to them.
>> > So, I'm definitely surprised to hear about programmers
>> > refusing to
>> > install something just because Microsoft doesn't recognize
>> > it.
>> >
>> > - Jonathan M Davis
>>
>> It's all about removing resistance and raising the level of
>> professionalism. D isn't a hobby project and shouldn't act
>> like one. This is an obvious barrier that's worth removing.
>> In this day and age of rampant actively dangerous software,
>> it's an obvious improvement to sign it and make the strong
>> claim that this is produced and vended by the d foundation and
>> we vouch for it's contents. We already do for some (all?) of
>> the posix distribution bundles.
>
> Well, as I said in my initial response, I have no problem with
> the installer being signed. I'm just surprised that any
> programmers would care.
>
The issue in professional setting is not just necessarily about
the programmer himself but the policies of its company or the IT
team in charge of the devs PC.
As stated elsewhere, I work in a public adminsitration and the IT
is handled by another directorate than the directorate I work
for. The IT department is in charge of more than 15,000 PC's. You
can imagine that they do everything to have their control over
that fleet by normalising and tightening policies. They
acknowledge that the developpers need a little bit more leverage
and freedom on their machines by providing some local admin
rights, but even with that, it is sometime quite difficult to
install anything not from the official approved list.
Unfortunately, D has been quite annoying to install. The last
version i.e. 2.080 for instance didn't install as there is one of
the binaries that get quarantained by the anti-virus. Anti-virus
I cannot influence because local admin rights are not sufficient
to whitelist a file.
Installing 64 bit code is also a chore as dmd delegates the
installation of the required libs to the Microsoft installer. The
problem, the Microsoft installer is incapable to get through our
proxy and there's no offline installation option anymore since
2017. I know it's a Microsoft issue, but it is part of the things
that makes using D quite challenging. I'm highy motivated and am
not pressed by deadlines so it doesn't bother me too much, but I
can imagine that somehow reluctant devs will stop at the first
hurdle encountered.
More information about the Digitalmars-d
mailing list