Hi, Il 11/06/2018 10:52, Gert Doering ha scritto: > Hi, > > On Mon, Jun 11, 2018 at 10:30:05AM +0300, Samuli Seppänen wrote: >> Last Friday I managed to get tap-windows-9.22.1[1] attestation >> signed[2]. This means that that particular driver (64-bit variant) >> should work on any Windows 10. However, according to [2] > > This is very good news :-) > > Have you been able to make this into a tap6 installer that we could > throw at people that had issues getting the previous attempt to work > on win10?
Not yet. But I don't have any reason believe it won't work, because the only signature in there is directly from Microsoft. I also asked about the relation of "requested signatures" checklist in the dashboard and signatures. Regardless of which Windows 10 variants we check the boxes for the signature should be valid across all of them. So by checking the boxes is just a statement along the lines "we have tested the driver on Windows flavors <x>". I just asked what we need to do to make the driver work on Windows Server 2016. I _hope_ that platform does not require us to pass the HLK tests. If it does, then we have no option but to go through the process _now_. HCK and WLK can wait a while, as the older operating systems will be fine with a cross-signed driver. But then we'd end up with two installers (HLK and cross-signed). > > [..] >> I actually lean towards 2), as that is the only way[3] to provide a >> driver that works across all Windows versions that are under "mainstream >> support". That would leave out Windows Server 2008 R2 which is under >> "extended support" that ends in early 2020: >> >> https://support.microsoft.com/en-us/lifecycle/search?alpha=windows%20server%202008 >> >> So, if we want to keep on supporting Windows Server 2008 R2 while having >> just one tap-windows6 driver we (=I) would have to go through three >> different test suites / certifications: >> >> - HLK (Windows 10) >> - HCK (Windows 7/8) >> - WLK (Windows 2008 R2) > > I have no idea how many people are doing Server 2008 R2 with OpenVPN, > but I'm afraid there will be "more than zero". > > Wild idea: do we want to add a checkbox to the installer "submit > version information to OpenVPN Headquarters" (opt-in, of course) so > we can have a rough idea what people are actively using? I would not be opposed to this. We'd have to include the matching code in openvpn.nsi as well, as it runs tap-windows6.nsi non-interactively. >> Our projected deadline for the next tap-windows6 release is June 20th. I >> will start working on HLK/HCK, but I don't know how many obstacles I >> will encounter. >> >> However, as we can now attestation-sign drivers, even in the worst case >> we could initially release two installers (option 1 above). Then, when >> HLK/HCK/WLK are in order, we can switch back to using a single installer >> again. > > This sounds like a good backup plan to get fixed drivers *out* for all > supported platforms, and give us (=you :) ) time to wrestle with > HLK/HCK/WLK... > It looks like this will be a wrestle. MS docs seem relatively good, but many tiny but important details seem to be undocumented. Like "can I run HLK tests on Amazon EC2/Azure VMs?" -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
