On 18/11/2022 21:15, Dale McCoy wrote:
I use Cygwin in the course of work, and while I can use the external gpg signature to verify the validity of setup-x86_64.exe, my IT department can't see that step. They get somewhat concerned when they see that Windows thinks setup-x86_64.exe is unsigned, and I certainly don't blame them. Can I convince you to also embed a signature in the installer, so Windows recognizes the file is signed?
This something I'd like to do, but unfortunately, the remaining blocking issues are not technical.
In order to sign the code in this way, the key needs to be signed by a CA that participates in Microsoft Trusted Root Program. These CAs charge an annual fee. As the person who makes the setup releases, I'm not going to pay that out of my own pocket, and we currently have no organization to collect donations for that (or any other) purpose.
-- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
