-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Windows code signing certificate #22017
Conversation
Needs backport to 0.21, 0.20, and 0.19. Once this is merged into the previous branches, we should make 0.21.1.1, 0.21.0.1, 0.20.1.1, 0.20.0.1, and 0.19.2.1 releases as these are either unsigned or signed with the previous key which was revoked. |
Is there a timeline on the Zurich alternative? We've been unable to sign Windows releases for a while, so unless it's a matter of days, I'm concept ACK on just going ahead with this. These |
There is no timeline. We're still waiting for the registration with the government to go through, but there's not ETA on when that will be. Then we'd have to wait a few more days for Digicert to issue the certificate.
Yes, Windows only.
The idea was that each release we have done previously which used the revoked cert should be re-released so that if people wanted to use them (and not a future minor release on the branch) they could. But perhaps that is not something we want to do. |
That seems a bit overkill. |
Github-Pull: bitcoin#22017 Rebased-From: 167fb1f
Backported in #22022 (assuming the commit with that hash is merged into master) |
Github-Pull: bitcoin#22017 Rebased-From: 167fb1f
Yes. CAs now only issue 1 year certs. |
It's hard to give an estimation right now. We are waiting for all the paperwork to complete and the stamp from the government so it will be listed in the official registers. Once there, we hopefully can get code signing certificates again. |
ACK 167fb1f |
Updates the Windows code signing certificate to a new one issued by Digicert. This certificate has been issued to Bitcoin Core Code Signing LLC registered in Delaware, US. Note that this is different from the previous Bitcoin Core Code Signing Association registered in Zurich, Switzerland as it was unable to meet the validation requirements in time.