[Geany-Users] GPG Signature for Windows Binaries

dany111 at email.it dany111 at xxxxx
Mon Dec 17 14:48:44 UTC 2018


Hi Enrico,
I understand that the installer contains more binaries which are not signed by you, but I think that a GPG-signed .exe would be more trustable than a md5-certificated .exe. I think it would be an improvement simple to add.

Best regards,
Daniel

----- Original Message -----
Hi <whoever you are>,

On 12/16/18 10:29 PM, dany111 at email.it wrote:
> Given that you already sign the source packages, could you sign the Windows Installer too?

I could.
The installer as well as all binaries created from the Geany sources
itself (that is geany.exe, libgeany.dll and the plugin DLLs) are signed
with a SSL certificate from cacert.org.
You can check these signatures on Windows in the file properties dialog
on the "Digital Signatures" tab.

Usually you get a verification failure because Windows doesn't know the
CA the certificate is signed with (cacert.org). But this is a problem of
Windows, not of Geany.
You can download the root certificate of the cacert.org CA on
http://www.cacert.org/index.php?id=3.

The installer contains more binaries which are not signed by us as they
are not created by us but taken from the MSYS2 project. Detailed
information about the included runtime libraries are where they were
downloaded from can be found in the installation directory in the file
called "ReadMe.Dependencies.Geany.txt".


Regards,
Enrico

-- 
Get my GPG key from http://www.uvena.de/pub.asc


More information about the Users mailing list