• hi,
    this is not an urgent issue,
    however i myself seldom run unsigned .exe on windows anymore.
    usually from trusted source like github or with a checksum like sha1.

    It cost several hundred euro per year to buy the cert for that signature.
    so FOSS programmers/users (who hate commercial things) usually accept sign using PGP key,
    as in veracrypt:
    EXE Installer: VeraCrypt Setup 1.26.7.exe (PGP Signature)
    MSI Installer (64-bit) for Windows 10 and later: VeraCrypt_Setup_x64_1.26.7.msi (PGP Signature)
    Portable version: VeraCrypt Portable 1.26.7.exe (PGP Signature)
    Debugging Symbols: VeraCrypt_1.26.7_Windows_Symbols.zip (PGP Signature)

    or put onto github, with checksum e.g. sha1.

    these will make the program look more professional, and give users more trust.


    ps: myself dont need this standalone IDE, just a suggestion. thx

  • Sorry, that's not something I'm interested in doing - the standalone exe is really there as a fallback for pre-Windows 10 installs (which would be very rare now), and hasn't been updated in a while.

    If someone thinks there is a real concern I could just delete the download but I don't think that is really in anyone's best interests.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview

the standalone IDE.exe should better signed with PGP keys or checksums [not urgent]

Posted by Avatar for ccchan @ccchan