You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I realize there is a cost involved, but the unsigned Windows installers currently trigger Windows SmartScreen, which of course can be bypassed, but this may discourage new users.
The text was updated successfully, but these errors were encountered:
Thanks for the input. I understand the concern but providing signed packages for Windows/macOS is not planned for the near future. Yes, the cost involved but also the maintenance burden increasing.
I was trying to purchase another certificate with reasonable price. However I cannot use “Notepad++” as CN to sign because Notepad++ doesn’t exist as company or organization. I wasted hours and hours for getting one suitable certificate instead of working on essential thing - Notepad++ project. I realize that code signing certificate is just an overpriced masturbating toy for FOSS authors - Notepad++ has done without certificate for more than 10 years, I don’t see why I should add the dependency now (and be an accomplice of this overpricing industry). I decide to do without it.
By the way, signing the packages doesn't guarantee the packages attached to releases have been automatically assembled from the source code. So it doesn't help with ensuring that no tampered/random/backdoored/malicious stuff got selectively/manually injected into the packages. But the way for such verification is provided, see #183 (we print hashes on CI servers and attach links to the CI build logs to releases). So the better packages origin verification option is provided than just signing.
vladimiry
changed the title
Sign windows installers
Sign installers attched to project's "releases" page
Sep 7, 2021
vladimiry
changed the title
Sign installers attched to project's "releases" page
Sign installers attached to project's "releases" page
Sep 7, 2021
I realize there is a cost involved, but the unsigned Windows installers currently trigger Windows SmartScreen, which of course can be bypassed, but this may discourage new users.
The text was updated successfully, but these errors were encountered: