Open warp16 opened 2 years ago
lostindark
commented
2 years ago Unfortunately getting an Authenticode cert is not easy. To get a meaningful cert for DriverStoreExplorer, we need a company/organization, which we don't have. Also, it costs money.
PGP signing is not that useful on Windows as people can't easily verify that (no builtin support on Windows).
Hash seems like a cheap solution. Need some change on build pipeline to produce the hash for it. Where should we publish the hash?
warp16
commented
2 years ago Comodo sells Authenticode certificates specifically for indivdual developers for $70-85 per year (depending on validity period.) Another option is Certum at 70 euro per year
If you add a donate button to your github, I'll throw in $10. And no, I don't work for either of them lol.
https://shop.certum.eu/open-source-code-signing.html https://comodosslstore.com/code-signing/comodo-individual-code-signing-certificate
Authenticode signing would be best, PGP signing would be the next best, at the very least a SHA512 hash to verify the authenticity of the executable would be great.