macOS packages and Windows MSIs are not signed

[skade]

This possibly applies to other platforms as well.

Currently, the Rust installer comes up with this nice warning, making the user navigate to a settings pane and acknowledge to really start the installer. Administrators can also decide to completely deactivate this.

I think at least the official installers of Rust should be signed using an Apple Developer Certificate.

[nagisa]

This possibly applies to other platforms as well.

All our releases and their checksums, including OS X ones, are signed with PGP signature already.

I’m not disagreeing they could also be signed using whatever method Apple for their OSes, but I'm not convinced $100/$300 is a fair price for getting rid of this dialog. OTOH we probably could piggy back on the same account used to generate signatures for Firefox.

[skade]

@nagisa If that is your issue, point me to a form where I can chip in 100$ yearly. Either we want to supply installers for their platform and then do it proper or we should just ship tarballs.

[skade]

I think the same is true for the windows installer.

(Code signing certs for windows cost > $300 upwards, FWIW)

[brson]

cc @edunham

Seems totally fixable in the infinite expanse of time.

[skade]

I would be willing to invest time on building the signing tooling, but obviously can't help with certificate handling.

[briansmith]

Note that on Windows 8 and later (or, at least, Windows 8.1), Windows Safescreen makes it look like it is impossible to run the installer, and so the installation experience is terrible all around. Especially with the new MSVC port reaching Stable, it would be great to have a Good OOBE on Windows, at least for the Stable releases.

[rtoal]

I have the same problem on Chrome...

[skade]

@rtoal Just in case: you can, in the meantime, go to "Systems Settings" -> "Security and Privacy" and click the appropriate button to still start the installation process.

[skade]

@brson this ticket needs A-windows as well, or should windows be split into a separate issue?

[rtoal]

@skade Thanks but I just used homebrew which also has 1.3.0. :)

[skade]

I'd like to bump this again, also, Servo has the same issue and cannot be easily run on OS X, as it is unsigned.

[Manishearth]

OTOH we probably could piggy back on the same account used to generate signatures for Firefox.

I doubt this would be accepted by the Firefox people. You want your private keys locked down, having two projects with independent infrastructure share a key sounds like a bad idea. I think both Rust and Servo can get their own. Not sure if it should be the same one.

[skade]

For reference, here's the issue for windows. #25457

[brson]

Agree this is something we should solve soon.

[Mark-Simulacrum]

@brson I don't think this has been solved for either macOS or Windows. Could you give an update on this?

[steveklabnik]

Triage: not aware of any changes here.