Provide a way for the windows signing service to control name and url parameters of the attached signature

eclipse-cbi / org.eclipse.cbi

CBI Maven plugins and Webservices

https://eclipse-cbi.github.io/org.eclipse.cbi/

Eclipse Public License 2.0

1 stars 10 forks source link

Provide a way for the windows signing service to control name and url parameters of the attached signature #503

Open netomi opened 3 months ago

netomi commented 3 months ago

Currently, the name and url used for signing an executable is hard-coded in the service.

That means all executables signed with the service will have the same information which currently is set to the following:

      windows.jsign.description=Eclipse Foundation, Inc.
      windows.jsign.url=http://www.eclipse.org/

Now I am not aware of any reasons to do so, but I find this kind of odd. Shouldnt we support setting this information in the request as well?

@mbarbero ?

mbarbero commented 3 months ago

You mean that this is not customizable by the caller of the service, correct? If this is only metadata and does not need to match the CN of the certificate, then I'm not opposed to it.

netomi commented 3 months ago

indeed, atm the caller of the service has no control over that parameters and always the fixed values are taken for every executable that is signed. I dont know what is displayed as information in Windows as even osslsigncode does not show that info surprisingly, so a second opinion on that would be good. But I assume that this is information that is specific to the executable that is signed, so having fixed values for everything is a bit couter intuitive imho.

mbarbero commented 3 months ago

Agreed.

merks commented 3 months ago

Thanks for being proactive.