Windows code signing

[darosior]

It was reported to me that the installation process on Windows is cumbersome and.. Scary. The browser would delete the downloaded binary automatically, and some sort of tweaking in Windows Defender is necessary to be able to actually simply download the software.

We should work on getting a signing certificate for Windows binaries (i've been told it's expensive and complicated), and in the meantime at least document how to be able to download and start Liana on Windows..

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection

[darosior]

Looked into this a bit this morning. It appears there is only a warning on Windows 11 when downloading the .exe from the Edge browser. From the most used Google Chrome browser no warning is shown (allegedly) when downloading or launching the software.

Therefore i don't think this should be a short term priority. (Note this is not security-critical, it's only to avoid annoyances for users. All binaries we distribute are reproducible and gpg-signed already.)

[pythcoiner]

On windows 10 there is a security message on install or first launch if i remember well.

[darosior]

Would be nice to know from users on Windows whether our binary stands out in this regard. Surely not all projects go through the hurdle of buying a certificate and code signing their released binaries?

[pythcoiner]

had a look at this today, so here some materiel for documentation:

• when dowloading w/ edge(win10):

when click on Conserver (don't know what's the wording in emglish there):

then Afficher plus / Show more

• when executing Liana-x.x.exe:

[darosior]

@pythcoiner noted in his Windows 10 VM there is a regression between v5 and v6rc1. v6rc1 is detected as a virus.

[pythcoiner]

Happening on a Win10 Home VM

cf: tests