Update serial numbers for Windows artifacts through v1.19.1#134
Update serial numbers for Windows artifacts through v1.19.1#134infeo merged 1 commit intocryptomator:developfrom
Conversation
|
|
WalkthroughThis pull request updates the Windows installer verification documentation to clarify the verification process for multiple installer formats. The changes expand the Windows section header to indicate both exe and msi artifacts are covered, add explicit guidance that Windows installers may include multiple signatures from Skymatic GmbH, reorganize the verification steps to reference the first signature and its details, and replace a single outdated certificate serial number example with multiple version-specific serial numbers organized by release versions (1.19.1, 1.19.0, 1.18.1, 1.18.0, 1.17.1, and older ranges). Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related issues
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Tip CodeRabbit can approve the review once all CodeRabbit's comments are resolved.Enable the |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
docs/security/verify-installers.md (1)
38-38: Avoid relying on “first signature” order.“Click on the first signature” is brittle if Windows changes signature ordering. Prefer instructing users to select the signature by signer name (
Skymatic GmbH) and then open Details.Proposed doc tweak
-3. Click on the first signature, and then click Details. +3. Select a signature whose signer is `Skymatic GmbH`, and then click Details.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/security/verify-installers.md` at line 38, Replace the brittle instruction "Click on the first signature" with a selector-based step that instructs users to choose the signature by signer name; specifically change the step to say "Click the signature signed by 'Skymatic GmbH', then click Details" so the user selects the signer by name instead of relying on signature ordering.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/security/verify-installers.md`:
- Line 45: The line "For releases since July 14, 2022 to July 8, 2025 (version
1.17.1): `d77e4f8b938f56ae265cd08e9193490c`" is contradictory; update the
wording to an unambiguous date/version mapping—either make it an explicit range
(e.g., "For releases from July 14, 2022 through July 8, 2025:
`d77e4f8b938f56ae265cd08e9193490c`" and remove or adjust the version label) or
make it a single-release entry (e.g., "For release July 8, 2025 (version
1.17.1): `d77e4f8b938f56ae265cd08e9193490c`"); ensure the date range and the
version label (the version string 1.17.1 and the checksum
`d77e4f8b938f56ae265cd08e9193490c`) are consistent.
---
Nitpick comments:
In `@docs/security/verify-installers.md`:
- Line 38: Replace the brittle instruction "Click on the first signature" with a
selector-based step that instructs users to choose the signature by signer name;
specifically change the step to say "Click the signature signed by 'Skymatic
GmbH', then click Details" so the user selects the signer by name instead of
relying on signature ordering.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 822f18b3-4032-4851-ac90-64abedb55800
📒 Files selected for processing (1)
docs/security/verify-installers.md
| - For release version 1.19.0: `3300083c47651e1daeb99b00eb000000083c47` | ||
| - For release version 1.18.1: `330007d28ad57305892a81cac600000007d28a` | ||
| - For release version 1.18.0: `3300052c3561155e2baf361702000000052c35` | ||
| - For releases since July 14, 2022 to July 8, 2025 (version 1.17.1): `d77e4f8b938f56ae265cd08e9193490c` |
There was a problem hiding this comment.
Fix contradictory release-range wording in certificate mapping.
Line 45 currently says “since … to … (version 1.17.1)”, which is internally inconsistent and can mislead users during security verification. Please rewrite this as an unambiguous range and align the version label with that range (or keep it to a single exact version/date if that’s what you intended).
🧰 Tools
🪛 LanguageTool
[style] ~45-~45: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ...52c35 - For releases since July 14, 2022 to July 8, 2025 (version 1.17.1):d77e...
(MISSING_COMMA_AFTER_YEAR)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/security/verify-installers.md` at line 45, The line "For releases since
July 14, 2022 to July 8, 2025 (version 1.17.1):
`d77e4f8b938f56ae265cd08e9193490c`" is contradictory; update the wording to an
unambiguous date/version mapping—either make it an explicit range (e.g., "For
releases from July 14, 2022 through July 8, 2025:
`d77e4f8b938f56ae265cd08e9193490c`" and remove or adjust the version label) or
make it a single-release entry (e.g., "For release July 8, 2025 (version
1.17.1): `d77e4f8b938f56ae265cd08e9193490c`"); ensure the date range and the
version label (the version string 1.17.1 and the checksum
`d77e4f8b938f56ae265cd08e9193490c`) are consistent.
|
@gregsskyles Can you sign the CLA? Then it is ready to merge. |
|
No worries, CLA is done. |
3 participants
As the signing certificates for Windows artifacts have changed starting with version 1.18.0, also update the documented expected serial numbers for versions 1.18.0 through 1.19.1.