X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:content-transfer-encoding
	:mime-version:from:reply-to:to:subject:date:message-id; q=dns;
	 s=default; b=W4IW2uA7dnn4zemVCrTpJnZWech+H3Q9K50LMbdn7LlFYUHepD
	Exie/d0pvfgfBwnj05wiemhHn3H7A2mo4yVKXN+JbXADA7/tQ6L6oxUalmDJ4nNQ
	pUm8rkhkJKsCJt+tpolw/6ZrmM3aS3yJafuKTfMnru23qVhcxyMUjY0Zg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:content-transfer-encoding
	:mime-version:from:reply-to:to:subject:date:message-id; s=
	default; bh=1eaiViKBgdhDwRxxdF87ywbiNYs=; b=nFw+syJ/AlmDXP+Z9Da3
	xKhs70Tipnl4hlhZOgvMCeYig3SK6Aq8oXjrlUkq+d1irBPfiXBQ5KUXhfgwJWxO
	r2dsopupl4N05UbBGIY5UKVP5KEvf9SVXGZAf/5OUQJPHvoE9S/FgGZgtEill7Vy
	Ms9chpSz8vDpnFdslXfv5AA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,SPF_PASS,UNPARSEABLE_RELAY autolearn=ham version=3.3.2
X-HELO: aibo.runbox.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
MIME-Version: 1.0
From: "David A. Wheeler" <dwheeler AT dwheeler DOT com>
Reply-To: dwheeler AT dwheeler DOT com
To: "cygwin" <cygwin AT cygwin DOT com>
Subject: Should cygwin's setup*.exe be signed using Sign Tool?
Date: Thu, 02 Apr 2015 14:13:09 -0400 (EDT)
Message-Id: <E1Ydjc5-0000kv-WD@rmm6prod02.runbox.com>
X-IsSubscribed: yes
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t32IDXE6029638

Running setup*.exe produces "Publisher: Unknown publisher", and it's doubtful that many people check the signature of the .exe file before running.  Even if they did, there's the problem that the signature comes from the same place.

Has Cygwin considered signing the installer using Sign Tool? More info:
  https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx
  http://blog.didierstevens.com/2008/12/31/howto-add-a-digital-signature-to-executables/

I believe signing it this way would eliminate the "unknown publisher"; it would also protect the many people who don't follow the current signature-checking process.  This would create a strong barrier against code subversion after release.

The signed executable could also be signed using the current process, so you don't need to *eliminate* any capability.  I can't provide a patch to do this, obviously :-).

--- David A. Wheeler


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple