On Sat, 15 Mar 2025 at 03:03, Eirik Bakke <eba...@ultorg.com.invalid> wrote: > > Exactly the switch we're looking at right now. Although I have some > > concerns about the difference in trust of the certificate. Are you using it > > now? How have you found it? > > Azure Trusted Signing works great! It successfully prevented the Windows > Defender warning from appearing, just like the Sectigo Extended Validation > physical USB token I used before. I just talked to someone else who has also > recently switched from physical USB tokens to Azure Trusted Signing. It seems > like it’s the way forward for signing on Windows. > > I followed the instructions on > https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/ > and then used the https://github.com/Azure/trusted-signing-action from a > GitHub Actions script.
Well, looks like we won't be making that switch for the community installers for NetBeans 26, and will continue with the physical token approach for now. Microsoft recently restricted Trusted Signing back to companies in the US and Canada only - https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-public-preview-update/4399713 Hopefully that will be updated again soon as they move this out of preview. I wonder if the restrictions came back due to need to address abuse - eg. https://www.bleepingcomputer.com/news/security/microsoft-trusted-signing-service-abused-to-code-sign-malware/ Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
