Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticode Sign #3736

Open
ThomasNieto opened this issue Sep 12, 2024 · 1 comment
Open

Authenticode Sign #3736

ThomasNieto opened this issue Sep 12, 2024 · 1 comment
Labels
build-and-deploy Issues regarding to building and deploying Terminal.Gui
Milestone
V2 Release

Comments

@ThomasNieto
Copy link

Authenticode sign Terminal.Gui assemblies to ensure code integrity.

Describe alternatives you've considered

SignPath Foundation provides a free certificate for OSS projects. I'm not affiliated with the company but did recently get approved for a certificate for my OSS project AnyPackage.
@tig tig added the build-and-deploy Issues regarding to building and deploying Terminal.Gui label Sep 12, 2024
@tig tig added this to the V2 Release milestone Sep 12, 2024
@dodexahedron
Copy link
Collaborator

Hey, I use that module on some boxen and it's in my roaming profile, too. Nice work.

And neat organization, there. Nice to know something like that exists.

@tig

What do you think about converting/moving this one to discussions?

Also, I have a pretty big list of questions and concerns, including technical, legal, organizational, and procedural, which their terms either don't even mention or which their terms themselves raise (and note that their terms are explicitly stated to be a work in progress), which aren't in this comment but that should definitely be talked about in a visible place/way, wherever/whenever that is.

Aside from that...

There are a few significant projects using them (@ThomasNieto's being among those I'd call significant, in the PowerShell world), but what, if any, relevance those endorsements have is certainly subjective.

I might call the fact that OpenSC uses them a pretty decent endorsement by a relevant project that knows a thing or two about certificates, although they only recently (this year) started signing their binaries at all, so.. 🤷‍♂️

Vim is also in the list.

One thing though is that one of their conditions is that licensing has to be open for the project (not a problem of course) and "without commercial dual-licensing for all components," so we would just need to be sure of that for any dependencies, which could potentially limit options now (if applicable to any we use) and in the future.

In any case, this topic, if we are going to actually start thinking about it now, as we move closer to release, is not a small or simple one, so might I suggest that we take it slowly, deliberately, and be sure we cover all bases and consider multiple avenues, this one included?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build-and-deploy Issues regarding to building and deploying Terminal.Gui
Projects
Terminal.Gui V2 Initial Release
Status: No status
Milestone
V2 Release
Development

No branches or pull requests
3 participants
@tig @dodexahedron @ThomasNieto