Adding an embedded signature on setup-x86_64.exe
Brian Inglis
Brian.Inglis@SystematicSw.ab.ca
Sun Nov 20 20:45:29 GMT 2022
On Sun, 20 Nov 2022 17:17:18 +0000, Jon Turney wrote:
> On 18/11/2022 21:15, Dale McCoy wrote:
>> I use Cygwin in the course of work, and while I can use the external gpg
>> signature to verify the validity of setup-x86_64.exe, my IT department
>> can't see that step. They get somewhat concerned when they see that Windows
>> thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
>> Can I convince you to also embed a signature in the installer, so Windows
>> recognizes the file is signed?
> This something I'd like to do, but unfortunately, the remaining blocking
> issues are not technical.
>
> In order to sign the code in this way, the key needs to be signed by a
> CA that participates in Microsoft Trusted Root Program. These CAs
> charge an annual fee. As the person who makes the setup releases, I'm
> not going to pay that out of my own pocket, and we currently have no
> organization to collect donations for that (or any other) purpose.
If Cygwin becomes an SFC member, they may be able to fund Cygwin signing certs.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
More information about the Cygwin
mailing list