On Nov 20 13:45, Brian Inglis wrote: > On Sun, 20 Nov 2022 17:17:18 +0000, Jon Turney wrote: > > On 18/11/2022 21:15, Dale McCoy wrote: > > > I use Cygwin in the course of work, and while I can use the external gpg > > > signature to verify the validity of setup-x86_64.exe, my IT department > > > can't see that step. They get somewhat concerned when they see that > > > Windows > > > thinks setup-x86_64.exe is unsigned, and I certainly don't blame them. > > > Can I convince you to also embed a signature in the installer, so Windows > > > recognizes the file is signed? > > > This something I'd like to do, but unfortunately, the remaining blocking > > issues are not technical. > > > > In order to sign the code in this way, the key needs to be signed by a > > CA that participates in Microsoft Trusted Root Program. These CAs > > charge an annual fee. As the person who makes the setup releases, I'm > > not going to pay that out of my own pocket, and we currently have no > > organization to collect donations for that (or any other) purpose. > > If Cygwin becomes an SFC member, they may be able to fund Cygwin signing > certs.
Good point! Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
