Closed jmuellerffn closed 2 months ago
As much as I would like to sign this, it would come at a considerable personal cost of around £600+ for a 3-year cert, as I wouldn't want to renew yearly.
If there is enough interest from the community to contribute towards these costs, then I will happily do the legwork to get these signed.
If anyone is willing to sponsor the project costs, please let me know and I'll see if I can get a payment method set up.
Thank you for your answer.
Maybe I understand something wrong, but can't you just self-sign it?
Found this for example: https://codesigningstore.com/how-to-create-self-signed-code-signing-certificate-with-powershell
Self-sign and then provide the certificate for you to install?
Seems a little pointless, what benefit would that give in terms of security?
Well, in our case it's just a way for us to tell the systems it's fine to execute scripts from your source. A self-signed script would serve that purpose, but I see the point of overall not providing much more security past that point.
Would this certificate work? https://shop.certum.eu/open-source-code-signing-code.html I saw Michel Gajda also uses a certificate from Certum for his PSWindowsUpdate Module.
We would also be ready to sponsor the certificate for that price.
Thanks for bringing that to my attention.
It looks feasible and I'm happy to sign the project with a cert from Certum. A cloud certificate works best for me to save having to buy a card and reader. It's €49.
I've set up GitHub sponsor and will let you know when live - feel free to contribute.
Sponsorship is now live. All are welcome to contribute so we can get the project scripts signed.
Thank you for your contribution. Will try to do this for the next release, sometime in April hopefully.
Certificate has been purchased, awaiting verification.
Just wanted to ask if you have an estimate for the release of the signed version?
Certificate obtained and have been testing the signing process. Hopefully will have a new release out by the end of the week, probably Thursday.
v2404.1 released which is now signed. Thanks again for your support.
One of our customers requires signed scripts. So all the scripts need to be signed, and, for example, for other modules we install their certificate in the trusted publisher certificate store.
It would help us, and I'm sure others too, if the scripts were signed with a certificate.
Thank you for considering it.
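
The consumer-side workflow this request describes (check that every script in a module is signed, then add the publisher's certificate to the Trusted Publishers store) can be sketched as follows. This is an added example, not part of the issue thread or the project's own code; `$ModulePath` and `$ExpectedThumbprint` are placeholders to be filled in with the installed module's folder and a thumbprint obtained from the publisher out of band.

```powershell
# Added example: audit a module's Authenticode signatures before trusting its publisher.
# Both parameter defaults are placeholders, not values taken from the thread.
param(
    [string]$ModulePath         = 'C:\Path\To\Module',
    [string]$ExpectedThumbprint = '<PUBLISHER-CERT-THUMBPRINT>'
)

$files = Get-ChildItem -Path $ModulePath -Recurse -File -Include *.ps1, *.psm1, *.psd1
if (-not $files) { throw "No PowerShell files found under $ModulePath" }

# One row per file: signature status, signer, and whether a timestamp is present
# (a timestamped signature stays valid after the signing certificate expires).
$report = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File        = $file.Name
        Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}
$report | Format-Table -AutoSize

# Stop unless every file is validly signed by the one certificate we expect.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' -or $_.Thumbprint -ne $ExpectedThumbprint })
if ($bad.Count -gt 0) {
    throw "Refusing to trust publisher: $($bad.Count) file(s) unsigned, modified, or signed by another certificate."
}

# Add the signer to the machine-wide Trusted Publishers store if it is not there yet.
# Writing to Cert:\LocalMachine requires an elevated session.
$inStore = Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object Thumbprint -eq $ExpectedThumbprint
if (-not $inStore) {
    $cert = (Get-AuthenticodeSignature -FilePath $files[0].FullName).SignerCertificate
    $cer  = Join-Path $env:TEMP 'publisher.cer'
    Export-Certificate -Cert $cert -FilePath $cer | Out-Null   # public certificate only
    Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null
    Remove-Item $cer
}
```

Pinning the thumbprint is what separates this from simply trusting whatever certificate the files carry: a re-signed or tampered copy fails the check before anything is added to the store.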