niloc132
commented
1 year ago Google is no longer involved with the GWT project directly, and hasn't maintained the GWT Plugin for Eclipse since it was first called the GWT Plugin for Eclipse. Back when it was the Google Plugin for Eclipse (which no longer exists to my knowledge), it was maintained by Google. No version of the GWT Plugin for Eclipse 3.0 has signed releases...
That said, the GWT Plugin for Eclipse 4.0 should be signed, although not with a certificate that is specified by a CA to be for codesigning purposes. As currently configured, that cert is from LetsEncrypt, the one used to host https://plugins.gwtproject.org/, so that it can be confirmed to match there. Nightly builds (use update site https://plugins.gwtproject.org/eclipse/gwt-eclipse-plugin/nightly/ in eclipse) are signed with a longer-lived certificate, but specific to Vertispan LLC, and is not specifically for the gwt organization.
Can you take a screenshot of what you are seeing that this isn't signed at all?
If this is a problem for you or your organization we can discuss obtaining a codesigning certificate. We don't heavily advertise asking for contributions, but consider donating to https://opencollective.com/gwt-project or contacting me directly at colin@vertispan.com if this is an issue you'd like to expedite.
Is there a plan to have Google eventually pay for a certificate for the plugin so we don't need to install unsigned code?