martinstoeckli / SilentNotes

SilentNotes is a simple note taking app which respects your privacy.
https://www.martinstoeckli.ch/silentnotes
Mozilla Public License 2.0
238 stars 35 forks source link

Pre-compiled Binaries in Releases Tab #215

Closed juanpc2018 closed 4 months ago

juanpc2018 commented 1 year ago

Not everybody has Windows Store, or Windows, some people have OSX and Linux

want to test using Wine / PlayOnMac / PlayOnLinux Mono, Not NET framework. maybe also want to test using ReactOS "Open Source NT4",

i have Windows8.1x64 but barely use Windows, and
most softwares are Not available in the Store. im Not going to buy or install W10, W11.

martinstoeckli commented 1 year ago

The binaries can be donwloaded on SilentNotes homepage for sideloading.

Unfortunately they cannot be built automatically, because they are signed by the stores. In case of Microsoft I have to download them from the Microsoft store myself, the store signs it with their own certificate which is then accepted by the SmartScreen. In case of Android I sign them myself, but Google urges developers to let the playstore do the signing as well (app bundles), so I'm not sure how much longer self signing will work.

juanpc2018 commented 1 year ago

I dont think .msixbundle works with Wine. Only .exe maybe .msi

Crashed Wine 7.11 "latest", configured as W10.

martinstoeckli commented 1 year ago

I had to make a choice, at the time I got it to the Microsoft Store, an MSI installer was not accepted, only UWP applications with an msix installer. Together with Windows SmartScreen which blocks any unsigned MSI installer (only determined users will ignore the warning and click the tiny "More info" link), the msi was not an option anymore.

juanpc2018 commented 1 year ago

maybe if you read this: https://github.com/pullmoll/trusttrust written by: https://en.wikipedia.org/wiki/Ken_Thompson could have made a different decision. that paper was inspired by: George Orwell Novel written in 1949 https://en.wikipedia.org/wiki/Nineteen_Eighty-Four

https://youtu.be/5syd5HmDdGU?t=13 https://www.youtube.com/@TrungLe-lw4zm/search?query=talos https://youtu.be/o5Ihqg72T3c?t=4 https://youtu.be/lt8cu8IMLOM https://youtu.be/Tvey2Nsc3oY?t=5 https://youtu.be/LW71CbKcjJA

other links: https://archive.org/details/reflections-on-trusting-trust https://web.stanford.edu/class/cs208e/cgi-bin/main.cgi/static/lectures/18-ReflectionsOnTrustingTrust/ReflectionsOnTrustingTrust.pdf https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf https://medium.com/computers-papers-and-everything/2-reflections-on-trusting-trust-1ba5709c2f27 https://en.wikipedia.org/wiki/Backdoor_(computing)#Compiler_backdoors https://dl.acm.org/doi/pdf/10.1145/358198.358210 https://dl.acm.org/doi/10.1145/358198.358210

martinstoeckli commented 4 months ago

Since version 8.0.0 the build process is automated and the binaries for Android are automatically added to the release page. For Windows this cannot be done, because the upload package is missing the signing from the Microsoft store.

Alternative installers won't be able to install the unsigned package, the user only gets a warning from the SmartScreen that it is dangerous. One has to open "more information" to even get a chance to install it anyway. This can only be overcome by buying an expensive EV-code-sigining-certificate (several 100$ anually).