Adding an embedded signature on setup-x86_64.exe
Jon Turney
jon.turney@dronecode.org.uk
Sun Nov 20 17:17:18 GMT 2022
On 18/11/2022 21:15, Dale McCoy wrote:
> I use Cygwin in the course of work, and while I can use the external gpg
> signature to verify the validity of setup-x86_64.exe, my IT department
> can't see that step. They get somewhat concerned when they see that Windows
> thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
> Can I convince you to also embed a signature in the installer, so Windows
> recognizes the file is signed?
This something I'd like to do, but unfortunately, the remaining blocking
issues are not technical.
In order to sign the code in this way, the key needs to be signed by a
CA that participates in Microsoft Trusted Root Program. These CAs
charge an annual fee. As the person who makes the setup releases, I'm
not going to pay that out of my own pocket, and we currently have no
organization to collect donations for that (or any other) purpose.
More information about the Cygwin
mailing list