X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 1ED533858D28
Authentication-Results:	sourceware.org; dmarc=none (p=none dis=none)
	header.from=SystematicSw.ab.ca
Authentication-Results:	sourceware.org;
	spf=none smtp.mailfrom=systematicsw.ab.ca
X-Authority-Analysis:	v=2.4 cv=SuCDVdC0 c=1 sm=1 tr=0 ts=637a91ea
	a=oHm12aVswOWz6TMtn9zYKg==:117 a=oHm12aVswOWz6TMtn9zYKg==:17
	a=IkcTkHD0fZMA:10 a=yPf7pi8k6090NVXkwu8A:9 a=QEXdDO2ut3YA:10
Message-ID:	<bbc8e50d-0445-65a2-8bf7-1a7671b5fefa@SystematicSw.ab.ca>
Date:	Sun, 20 Nov 2022 13:45:29 -0700
MIME-Version:	1.0
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
	Thunderbird/102.5.0
To:	cygwin AT cygwin DOT com
Cc:	dalestan AT gmail DOT com
Subject:	Re: Adding an embedded signature on setup-x86_64.exe
In-Reply-To:	<64eb894e-0bce-2e68-3e8b-a8cd69711514@dronecode.org.uk>
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Organization:	Systematic Software
X-CMAE-Envelope:	MS4xfOmvInefvAYvkrG7uR1lY890mNr71Opuxbe+7zLoUBHgo+opj6pQ/W0odaMAG5keKIDmTFjLvgYUh+B2LXE28/Fart06NJ84rVz/miamYQbaXSEDU4hI
	OPzmxttPtSmIvjzeD5S7MnQjMm0iLDUAMNesJ1ovhNKzKg1xr8HuUiPpmNipiTavW00L+8pQQZf+TDMfJKbUkTc4H7KTrUWeMMP93vPCbH/iFF+1zBPp6fp/
X-Spam-Status:	No, score=-1163.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
	KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE,
	TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To:	cygwin AT cygwin DOT com
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 2AKKkFvQ009513

On Sun, 20 Nov 2022 17:17:18 +0000, Jon Turney wrote:
> On 18/11/2022 21:15, Dale McCoy wrote:
>> I use Cygwin in the course of work, and while I can use the external gpg
>> signature to verify the validity of setup-x86_64.exe, my IT department
>> can't see that step. They get somewhat concerned when they see that Windows
>> thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
>> Can I convince you to also embed a signature in the installer, so Windows
>> recognizes the file is signed?

> This something I'd like to do, but unfortunately, the remaining blocking 
> issues are not technical.
> 
> In order to sign the code in this way, the key needs to be signed by a 
> CA that participates in Microsoft Trusted Root Program.  These CAs 
> charge an annual fee. As the person who makes the setup releases, I'm 
> not going to pay that out of my own pocket, and we currently have no 
> organization to collect donations for that (or any other) purpose.

If Cygwin becomes an SFC member, they may be able to fund Cygwin signing certs.

-- 
Take care. Thanks, Brian Inglis			Calgary, Alberta, Canada

La perfection est atteinte			Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter	not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer	but when there is no more to cut
			-- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -