You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For general security reasons it would be nice to sign all binaries we produce for a release, including the installer. No need to do it immediately, but in the medium term.
First step would be to have a secure signing key on the CI server. I'm not sure our current "secrets" infrastructure is fit for that kind of purpose, so I'd start by reviewing that.
ghost
transferred this issue from another repository
Apr 1, 2019
Our Windows installer is now signed. If we decide to sign other things (signing Maven artifacts is already tracked as part of the work towards publishing to Maven central), let’s open separate issues for that.
For general security reasons it would be nice to sign all binaries we produce for a release, including the installer. No need to do it immediately, but in the medium term.
CC @shaul-da
The text was updated successfully, but these errors were encountered: