vezel-dev / vzl

The home repository for the Vezel organization.
https://docs.vezel.dev/vzl
BSD Zero Clause License

Acquire a code signing certificate #11

Open alexrp opened 2 years ago

alexrp commented 2 years ago

This would allow us to sign our NuGet packages: https://docs.microsoft.com/en-us/nuget/create-packages/sign-a-package

Code signing certificates have to be renewed yearly and are somewhat costly depending on the provider.

alexrp commented 2 years ago

We would likely use SignService to host the code signing in Azure (Azure App Service + Azure Key Vault Managed HSM).

alexrp commented 2 years ago

GlobalSign seems like a good place to get an EV code signing certificate.

alexrp commented 2 years ago

Spent some time experimenting with SignService and I've mostly figured out how to use it. Just need to wait for #14 in order to actually buy the certificate.

alexrp commented 1 year ago

Seems like we can now avoid having to host SignService: https://github.com/dotnet/sign

alexrp commented 8 months ago

Need to figure out if we can actually obtain an EV certificate given our legal status under Open Collective Europe.

alexrp commented 3 months ago

> Need to figure out if we can actually obtain an EV certificate given our legal status under Open Collective Europe.

Talked to Open Collective Europe; the answer is no. We would have to go for an OV certificate, which comes with some downsides. Need to think more on whether this is even worth it. :thinking: