https://bugs.documentfoundation.org/show_bug.cgi?id=172101
Christian Lohmaier <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED CC| |[email protected] | |g Resolution|--- |WORKSFORME --- Comment #1 from Christian Lohmaier <[email protected]> --- That is nothing we can fix on our end - it is just a trigger that kicks in if something is downloaded by comparatively few users/if it is a new/unknown file and since the daily builds aren't codesigned (and I guess the rules/what exactly triggers it can/will change over time) As you write there's an option to open anyway, even if "hidden" behind a more info button. It won't happen for actual releases since those are on the one hand downloaded by lots of people, and also they are codesigned. So I set it as worksforme, as we cannot control Microsoft's heuristics about what is considered potentially malicious, and we also don't want to have signing keys on our CI bots/we don't want to sign builds created automatically (and actually cannot, signing on windows requires unlocking the key stored on a smartcard/requires physical access to the machine). Given that daily builds are used by advanced/knowledgeable users, I think the situation is acceptable. It is similar on macOS where apples sets a quarantine flag that has to be cleared before you can launch a unsigned binary from an "untrusted" source (aka not created on your own machine/downloaded from the internet) Would be a totally different story if our main releases were affected, but as said the offical alpha/beta/RCs/final builds don't have this specific problem. -- You are receiving this mail because: You are the assignee for the bug.
