unrecognized app: need to add code-signing to wis2-subscription-manager (eventually)

wmo-im / wis2-subscription-manager

An Electron application for browsing a WIS2 Global Discovery Catalogue, configuring WIS2 subscriptions, and viewing download metrics.

Apache License 2.0

2 stars 1 forks source link

unrecognized app: need to add code-signing to wis2-subscription-manager (eventually) #37

Open maaikelimper opened 3 weeks ago

maaikelimper commented 3 weeks ago

Because the application-code is not signed a user will get a warning when running the application for the first time.

For example on Windows:

To run the app the user need to click 'more info' and select 'run anyaway':

RoryPTB commented 1 week ago

At least when it comes to installing the software from an installer, the application must be code-signed in order not to trigger any operating system security warnings. It also seems that this remains true for portable installers.

For Windows, the cheapest option is Azure's Trusted Signing, and for MacOS the only option is the Apple Developer Program. For the latter, we should be eligible for a fee waiver as a non-profit organization.

RoryPTB commented 1 week ago

@efucile and I have agreed that we should only address code signing if the app is received well in multiple training sessions. So, this issue can be considered low-priority for now, and I will close this until we decide we are ready to release the app to the public.

maaikelimper commented 4 days ago

Even if we are not fixing this now, we need to keep this issue open