Adding an embedded signature on setup-x86_64.exe
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Nov 21 12:49:30 GMT 2022
On Nov 20 13:45, Brian Inglis wrote:
> On Sun, 20 Nov 2022 17:17:18 +0000, Jon Turney wrote:
> > On 18/11/2022 21:15, Dale McCoy wrote:
> > > I use Cygwin in the course of work, and while I can use the external gpg
> > > signature to verify the validity of setup-x86_64.exe, my IT department
> > > can't see that step. They get somewhat concerned when they see that Windows
> > > thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
> > > Can I convince you to also embed a signature in the installer, so Windows
> > > recognizes the file is signed?
>
> > This something I'd like to do, but unfortunately, the remaining blocking
> > issues are not technical.
> >
> > In order to sign the code in this way, the key needs to be signed by a
> > CA that participates in Microsoft Trusted Root Program. These CAs
> > charge an annual fee. As the person who makes the setup releases, I'm
> > not going to pay that out of my own pocket, and we currently have no
> > organization to collect donations for that (or any other) purpose.
>
> If Cygwin becomes an SFC member, they may be able to fund Cygwin signing certs.
Good point!
Corinna
More information about the Cygwin
mailing list