On Sun, 20 Nov 2022 17:17:18 +0000, Jon Turney wrote:
On 18/11/2022 21:15, Dale McCoy wrote:
I use Cygwin in the course of work, and while I can use the external gpg
signature to verify the validity of setup-x86_64.exe, my IT department
can't see that step. They get somewhat concerned when they see that Windows
thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
Can I convince you to also embed a signature in the installer, so Windows
recognizes the file is signed?
This something I'd like to do, but unfortunately, the remaining blocking
issues are not technical.
In order to sign the code in this way, the key needs to be signed by a
CA that participates in Microsoft Trusted Root Program. These CAs
charge an annual fee. As the person who makes the setup releases, I'm
not going to pay that out of my own pocket, and we currently have no
organization to collect donations for that (or any other) purpose.
If Cygwin becomes an SFC member, they may be able to fund Cygwin signing certs.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple