visuald icon indicating copy to clipboard operation
visuald copied to clipboard
verified publisher icon dlang

Digitally sign releases?

Open AlexAltea opened this issue 2 years ago • 3 comments

Every time I try to install VisualD on Windows, I have to dodge countless safety warnings because the executable is unsigned. Although we get some assurance via https:// but still if I leave installers somewhere, I'd much rather have the assurance they have not been tampered with.

Would it be possible to digitally sign future releases? Does the Dlang Foundation have a code sign cert?

AlexAltea avatar Nov 02 '23 15:11 AlexAltea

CC @mdparker

Geod24 avatar Nov 09 '23 16:11 Geod24

We used to have an affordable one that someone set up for us for signing dmd releases, but that option is no longer available. @ibuclaw looked into other options a while back, but as I recall they were ridiculously expensive. So we don't have one right now.

mdparker avatar Nov 10 '23 00:11 mdparker

I have signed https://github.com/dlang/visuald/releases/tag/v1.4.0-beta2 with the expired certificates, this seems to reduce the number of dialogs that you have to go through before running the installer after download.

Please note that downloading an update installer from the Visual D settings update page does not show any of the safety warnings.

rainers avatar Dec 16 '23 17:12 rainers