stardot / b-em

An opensource BBC Micro emulator for Win32 and Linux
http://stardot.org.uk/forums/viewtopic.php?f=4&t=10823
GNU General Public License v2.0

Is it worth considering signing the Windows executable? #57

Open simondotm opened 6 years ago

simondotm commented 6 years ago

Running a new build of B-em.exe downloaded from GitHub onto Windows 10 triggers the Windows Defender SmartScreen. Apparently, digitally signing the exe with a consistent publisher allows MS to update their databases and make this less recurrent for installations.

https://www.codeproject.com/Questions/555248/Willplussigningplusanplusexecutablepluspreventplus

SteveFosdick commented 6 years ago

It would certainly be nice to do this. Does that screen appear every time you run it or just the first time for a newly downloaded executable?

On a technical level, do you know what tool is used to sign the executable? What about a source of the non-premium certificates?

Another thing to think about is whether individual developers should each have certificates or whether we should have one for the stardot organisation as a whole. The latter would build reputation faster across multiple developers and multiple projects but does require more organisation.

simondotm commented 6 years ago

I'll check about frequency next time I install a new release. There's some chat here about how to sign executables; it seems like you can either find a free or paid CA (there might be free options for open source projects). I'd imagine a Stardot publishing cert would make the most sense.