the standalone IDE.exe should better signed with PGP keys or checksums [not urgent]

[espruino-discuss3]

Posted at 2023-10-13 by ccchan

hi,
this is not an urgent issue,
however i myself seldom run unsigned .exe on windows anymore.
usually from trusted source like github or with a checksum like sha1.

It cost several hundred euro per year to buy the cert for that signature.
so FOSS programmers/users (who hate commercial things) usually accept sign using PGP key,
as in veracrypt:
https://www.veracrypt.fr/en/Downloads.html
Windows:
EXE Installer: VeraCrypt Setup 1.26.7.exe (PGP Signature)
MSI Installer (64-bit) for Windows 10 and later: VeraCrypt_Setup_x64_1.26.7.msi (PGP Signature)
Portable version: VeraCrypt Portable 1.26.7.exe (PGP Signature)
Debugging Symbols: VeraCrypt_1.26.7_Windows_Symbols.zip (PGP Signature)

or put onto github, with checksum e.g. sha1.

these will make the program look more professional, and give users more trust.

thanks

ps: myself dont need this standalone IDE, just a suggestion. thx

[gfwilliams]

Posted at 2023-10-16 by @gfwilliams

Sorry, that's not something I'm interested in doing - the standalone exe is really there as a fallback for pre-Windows 10 installs (which would be very rare now), and hasn't been updated in a while.

If someone thinks there is a real concern I could just delete the download but I don't think that is really in anyone's best interests.