dlang/visuald

Digitally sign releases?

Opened this issue · 3 comments

Every time I try to install VisualD on Windows, I have to dodge countless safety warnings because the executable is unsigned. Although we get some assurance via https://, if I leave installers somewhere, I'd much rather have the assurance they have not been tampered with.

Would it be possible to digitally sign future releases? Does the Dlang Foundation have a code sign cert?

We used to have an affordable one that someone set up for us for signing dmd releases, but that option is no longer available. @ibuclaw looked into other options a while back, but as I recall they were ridiculously expensive. So we don't have one right now.

I have signed https://github.com/dlang/visuald/releases/tag/v1.4.0-beta2 with the expired certificates; this seems to reduce the number of dialogs that you have to go through before running the installer after download.

Please note that downloading an update installer from the Visual D settings update page does not show any of the safety warnings.