sandstorm-io / vagrant-spk

Packaging tool for Sandstorm, a self-hosting platform for web apps!
Apache License 2.0

Windows: vagrant-spk.exe (and/or other EXEs in the install) should be signed #172

Open paulproteus opened 8 years ago

paulproteus commented 8 years ago

@ocdtrekkie explains on IRC:

Also, Windows SmartScreen hates your app because it isn't signed and probably because of some of the things it does.

Relevant thoughts:

kentonv commented 8 years ago

Hmm, but what's the point of code signing if we're not signing the Python scripts?

paulproteus commented 8 years ago

@kentonv the only point of this would be to make the Windows SmartScreen warning go away. If doing the signing would add no security but would remove Windows' security theater, I'd be OK with that.

ocdtrekkie commented 8 years ago

You actually have to click like an Advanced/More info text to even get the "Run anyway" prompt.

kentonv commented 8 years ago

Hooray security theater.

ocdtrekkie commented 8 years ago

Well, presumably, for EXEs that are self-contained, the signing method isn't security theater.

For the sake of vagrant-spk, signing it avoids a scary warning that some people will not know how to get around (and some group policies actually disable bypassing it), so it's also not security theater, merely ease of use.

"Security theater" indicates it's being done just to make people "feel safer", and that's not why it should be signed.

kentonv commented 8 years ago

@ocdtrekkie The thing is, if someone has signed a Python interpreter that interprets unsigned code, then anyone else can build malware on top of that, thereby avoiding the signature checker. And so the whole purpose of requiring signatures is defeated. It doesn't matter that signatures on legitimate code are in fact checking the whole executable, because it's the illegitimate code we want to catch, and again, anyone can build malware on that one signed Python interpreter.