On Fri Nov 18 21:15:04 GMT 2022, Dale McCoy wrote:
I use Cygwin in the course of work, and while I can use the external gpg
signature to verify the validity of setup-x86_64.exe, my IT department
can't see that step. They get somewhat concerned when they see that Windows
thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
Can I convince you to also embed a signature in the installer, so Windows
recognizes the file is signed?
I couldn't find a previous request on the mailing list for this, but I may
have missed it in my attempts to grep the monthly digests.
See thread "Should cygwin's setup*.exe be signed using Sign Tool?":
https://cygwin.com/pipermail/cygwin/2015-April/220978.html
https://inbox.sourceware.org/cygwin/e1ydjc5-0000kv...@rmm6prod02.runbox.com/
In case we ever need it, one of our setup maintainers packaged osslsigncode:
https://cygwin.com/packages/summary/osslsigncode-src.html
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
