[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way



#3861: begin signing Windows packages the Windows way
--------------------------------------+-------------------------------------
 Reporter:  erinn                     |          Owner:  erinn
     Type:  enhancement               |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by rransom):

 Replying to [comment:1 mo]:
 > I think you should sign. What you need is the "Core SDK Tools" that ship
 with the Platform SDK. You can select to install only those, and AFAIK you
 don't need Visual Studio.

 `osslsigncode` is a portable open-source alternative, although if we're
 planning to switch to Microsoft's toolchain anyway,

 >
 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11310
 (web installer)
 >
 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24826
 (ISO)
 >
 > More info on how to perform it and screenshots comparing signed and
 unsigned executables: http://www.kinook.com/blog/?p=10
 >
 > "get a code signing certificate (or digital ID) from a certification
 authority (CA) such as Comodo, Thawte, VeriSign, and others. You will need
 a Class 3 digital certificate for code signing."

 Distributing all of our packages as .exe files signed in this manner will
 do more harm than good to our users unless they check that each package is
 signed by the exact certificate which we use to sign packages.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs