OpenTTD's Windows installer should be signed #8056

LordAro opened this issue Apr 3, 2020 · 3 comments · Fixed by #9294


@LordAro LordAro commented Apr 3, 2020

Version of OpenTTD

1.10.0, but all

Expected result

Running the installer should work seamlessly

Actual result

Windows Defender SmartScreen complains about the installer being from an unknown location, resulting in a worrying error message that you need to know that you can click past to continue.


Steps to reproduce

  • Download the installer
  • Run the installer
  • See window

We need to get an EV code signing certificate from somewhere -
And run it (securely) on the generated installer (something like this, but we're not yet using Actions for actual OTTD)


@TrueBrain TrueBrain commented Apr 4, 2020

EV code signing certificates are expensive. Like, 400 euro a year, expensive. This is a lot of money to sign code. Money that could have been spent better, tbh. It is a bit sad, companies ask this much for these kinds of certificates. Don't get me wrong, an initial 400 euro I could understand, they have to validate you etc. But every year if you extend your cert .. that is unbelievable. Anyway, I am ranting.

There is one company that helps out Open Source:
It is 25 euro a year + buying a SmartCard (and a reader, I guess :P) once. So that is much more okay for a project like this. It is only not an EV cert. That means that the SmartScreen Filter still kicks in, while we would grow reputation. It is totally unclear how the growth of reputation works. It does remove "Unknown Publisher", and replaces it with whatever legal entity requested the Code Signing Cert. But it still shows a similar screen.

This comment just to get this ball rolling a bit :)

@TrueBrain TrueBrain changed the title from "OpenTTD's installer should be signed" to "OpenTTD's Windows installer should be signed" Apr 4, 2020

@TrueBrain TrueBrain commented Apr 14, 2020

As this is an ongoing discussion on several levels, I put out a gist with a summary of what we know:

I could use advice (backed up with reading material, of course). This really feels to us like an HTTPS certificate felt 3 years ago. Difficult to navigate, you don't really know what you get, and you hope everything works out for the best. So any guidance is appreciated.


@orudge orudge commented Apr 13, 2021

I'll perhaps have a look at another certificate supplier and give this another shot...
