Hi, OK, I added a GPG signature on https://www.geany.org/Download/Releases.
Just note, that it is signed with my key which is a different key used for signing the source tarballs. Regards, Enrico On 12/17/18 3:48 PM, [email protected] wrote: > Hi Enrico, > I understand that the installer contains more binaries which are not signed > by you, but I think that a GPG-signed .exe would be more trustable than a > md5-certificated .exe. I think it would be an improvement simple to add. > > Best regards, > Daniel > > ----- Original Message ----- > Hi <whoever you are>, > > On 12/16/18 10:29 PM, [email protected] wrote: >> Given that you already sign the source packages, could you sign the Windows >> Installer too? > > I could. > The installer as well as all binaries created from the Geany sources > itself (that is geany.exe, libgeany.dll and the plugin DLLs) are signed > with a SSL certificate from cacert.org. > You can check these signatures on Windows in the file properties dialog > on the "Digital Signatures" tab. > > Usually you get a verification failure because Windows doesn't know the > CA the certificate is signed with (cacert.org). But this is a problem of > Windows, not of Geany. > You can download the root certificate of the cacert.org CA on > http://www.cacert.org/index.php?id=3. > > The installer contains more binaries which are not signed by us as they > are not created by us but taken from the MSYS2 project. Detailed > information about the included runtime libraries are where they were > downloaded from can be found in the installation directory in the file > called "ReadMe.Dependencies.Geany.txt". >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.geany.org/cgi-bin/mailman/listinfo/users
