Investigate code signing

[zapek]

On Windows, and possibly MacOS, there's a code signing warning when running .exe files, in this case, the installer.

Investigate if there are some Open Source friendly signing certificates, like for example: https://shop.certum.eu/open-source-code-signing-code.html

Discussion:

• https://stackoverflow.com/questions/252226/signing-a-windows-exe-file

Tools:

• https://ebourg.github.io/jsign/

Process:

• https://mkaz.blog/code/code-signing-a-windows-application/

Note that all of this doesn't remove the Smartscreen filter warning.

[zapek]

Too expensive and hard to use from GitHub Actions. It also doesn't remove Smart Filter (though since the reputation is attached to the certificate, it's carried over for upgrades).

[zapek]

https://comodosslstore.com/code-signing/comodo-individual-code-signing-certificate and https://github.com/marketplace/actions/code-sign-a-file-with-pfx-certificate or https://github.com/dlemstra/code-sign-action or https://github.com/nextgens/authenticode-sign-action

could actually work.

[zapek]

Tried comodo. They explain the terms, then, once the payment is done, they change the demands which become impossible to fulfill without spending thousands on notaries. Do not use, it's a rip off.

[zapek]

Possibly use a self signed certificate and instructions from https://github.com/gephi/gephi/issues/2615 I'm not sure it's useful though.

[zapek]

There won't be code signing because:

• too expensive
• verification steps unreliable
• such mafia-like behaviour shouldn't be encouraged by giving them money
• I sign it with PGP, which is more trustable anyway
• Windows will still show a warning for a signed executable

Once a few users install the program, the warnings goes away so the solution is to have betatesters.