On Wed, 16 Aug 2017, Gilles Caulier wrote: > Hi, > > Same problem for digiKam Windows installer. > > But this question is not only about Windows, but MacOS PKG also need > to be signed. So the problem is more generic and a global solution > need to be found here for KDE applications packaged for windows and > MacOS.
Right now, I'm not concerned that much about OSX. One thing at a time. > Note : in the future, to improve security, Microsoft and Apple will > certainly promote application store for desktop application > installation, instead stand alone solutions. For Windows Store applications code signing certificates aren't used. They check the developer directly (which is why it's so nice that they have a program to help open source projects get into the store, that cuts through a lot of red tape). > > Gilles Caulier > > 2017-08-16 11:40 GMT+02:00 Boudewijn Rempt <[email protected]>: > > Here's yet another topic: for the past year, I've been signing Krita > > for Windows with a certificate from certum.eu. These certificates are > > personal, so krita gets signed by "open source developer boudewijn rempt". > > > > That's not ideal, and besides, there are other projects publishing > > binaries for Windows, like kate and kdevelop and kdenlive. I am wondering > > whether it would be possible to get a proper KDE code signing certificate > > and manage that somehow, then use that sign all our windows releases. > > > > I'd of course chip in with the costs of that, since organization > > certificates > > tend to be quite expensive, but the main thing is, we need way to sign > > the binaries in a trusted way. I have no real idea other than having an > > official "signing volunteer" or something like that. > > > > -- > > Boudewijn Rempt | http://www.krita.org, http://www.valdyas.org > -- Boudewijn Rempt | http://www.krita.org, http://www.valdyas.org
