AshleyHow / WindowsOSBuild

Windows patch release information (Version, Build, Availability date, Hotpatch, Preview, Out-of-band, Servicing option, KB article, KB URL and Catalog URL) for Windows client and server versions. Useful for scripting and automation purposes. Supports Windows 10 and Windows Server 2016 onwards. Supports Hotpatch on Windows Server 2022 Azure Edition.
MIT License

Sign the Scripts #36

Closed jmuellerffn closed 2 months ago

jmuellerffn commented 3 months ago

One of our customers requires signed scripts. So all the scripts need to be signed and for example for other modules we install their certificate in the trusted publisher certificate store.

It will help us and I'm sure others too, if the scripts were signed with a certificate.

Thank you for considering it.

AshleyHow commented 3 months ago

As much as I would like to sign this it would come at a considerable personal cost of around £600+ for a 3 year cert as I wouldn't want to renew yearly.

If there is enough interest from the community to contribute towards these costs then I will happily do the leg work to get these signed.

If anyone is willing to sponsor the project costs please let me know and I'll see if I can get a payment method setup.

jmuellerffn commented 3 months ago

Thank you for your answer.

Maybe I understand something wrong, but can't you just self sign it?

Found this for example: https://codesigningstore.com/how-to-create-self-signed-code-signing-certificate-with-powershell

AshleyHow commented 3 months ago

Self sign and then provide the certificate for you to install?

Seems a little pointless, what benefit would that give in terms of security?

jmuellerffn commented 3 months ago

Well, in our case it's just a way for us to tell the systems it's fine to execute scripts from your source. A self-signed script would serve that purpose, but I see the point of overall not providing much more security past that point.

Would this certificate work?: https://shop.certum.eu/open-source-code-signing-code.html I saw Michel Gajda also uses a certificate from Certum for his PSWindowsUpdate Module.

We would also be ready to sponsor the certificate for that price.

AshleyHow commented 3 months ago

Thanks for bringing that to my attention.

It looks feasible and I'm happy to sign the project with a cert from Certum. A cloud certificate works best for me to save having to buy a card and reader. It's €49.

I've set up GitHub sponsor and will let you know when live - feel free to contribute.

AshleyHow commented 3 months ago

Sponsorship is now live. All are welcome to contribute so we can get the project scripts signed.

AshleyHow commented 3 months ago

Thank you for your contribution, will try to do this for the next release sometime in April, hopefully.

AshleyHow commented 3 months ago

Certificate has been purchased, awaiting verification.

jmuellerffn commented 2 months ago

Just wanted to ask if you have an estimate for the release of the signed version?

AshleyHow commented 2 months ago

Certificate obtained and have been testing the signing process. Hopefully will have a new release out by the end of the week, probably Thursday.

AshleyHow commented 2 months ago

v2404.1 released which is now signed. Thanks again for your support.
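
For consumers of the signed release, an added example (not part of the thread or the project's code) that audits the Authenticode signature of every script file in an installed module and reports whether the signer is self-signed and whether it is already in a Trusted Publishers store. The module name is assumed to match the repository name.

```powershell
# Added example: audit Authenticode signatures of an installed module.
# Assumption: the module is installed under the name 'WindowsOSBuild'.
param(
    [string]$ModuleName = 'WindowsOSBuild'
)

$module = Get-Module -ListAvailable -Name $ModuleName |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) { throw "Module '$ModuleName' is not installed." }

# Thumbprints of publishers this machine or user already trusts.
$trusted = @(
    Get-ChildItem Cert:\LocalMachine\TrustedPublisher, Cert:\CurrentUser\TrustedPublisher |
        Select-Object -ExpandProperty Thumbprint
)

$report = Get-ChildItem -Path $module.ModuleBase -Recurse -File -Include *.ps1, *.psm1, *.psd1, *.ps1xml |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File             = $_.Name
            # Valid, NotSigned, HashMismatch (file altered after signing),
            # NotTrusted, UnknownError (e.g. chain ends in an untrusted root)
            Status           = $sig.Status
            Signer           = if ($cert) { $cert.Subject } else { $null }
            Thumbprint       = if ($cert) { $cert.Thumbprint } else { $null }
            # Subject equal to Issuer means no CA vouches for the publisher identity.
            SelfSigned       = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
            TrustedPublisher = if ($cert) { $trusted -contains $cert.Thumbprint } else { $false }
            # A timestamp keeps the signature verifiable after the certificate expires.
            Timestamped      = [bool]$sig.TimeStamperCertificate
        }
    }

$report | Format-Table -AutoSize

# Fail the audit if any file is unsigned, altered, or signed by an untrusted chain.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    throw "$($bad.Count) file(s) in $ModuleName $($module.Version) failed signature validation."
}
```

Under the `AllSigned` execution policy, a `Valid` signature whose `TrustedPublisher` column is `False` still prompts the user on first run, which is why the publisher certificate is deployed to the Trusted Publishers store.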