Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Digitally sign or hash WiX binaries #3149

Closed
wixbot opened this Issue Apr 28, 2011 · 2 comments

Comments

Projects
None yet
2 participants
Collaborator

wixbot commented Apr 28, 2011

Due to the highly security-sensitive nature of the environments in which WiX runs, the WiX installer MSI and binaries should be digitally signed using a code signing certificate registered to an authoritative person or entity. This is the preferred means of insuring code integrity because it can be programmatically checked by Windows. Alternatively, hashes (MD5 and SHA-1) of the binaries could be posted to a WiX mailing list by an authoritative person. Posting hashes to a mailing list is preferred over posting hashes to a web server because an attacker able to substitute a malicious installer or binaries would be unable to replace the hashes once mailed. However, to emphasize, code signing is preferred.

Originally opened by lambdareveal from http://sourceforge.net/p/wix/feature-requests/639/

Collaborator

wixbot commented Oct 31, 2013

Originally changed by barnson
AssignedTo set to robmen
Release set to v3.8

Collaborator

wixbot commented Nov 1, 2013

We are now digitally signing the bundle which will vouch for all the other installed files.

Originally posted by robmen
Area set to installer
Resolution set to fixed
Status changed from Open to Resolved

@wixbot wixbot added this to the v3.8 milestone Dec 20, 2015

@wixbot wixbot closed this Dec 20, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment