Use code signing to prove trustworthiness #45
Comments
Perhaps submitting the executable for analysis could increase its reputation. This would have to be done for every bundle of every release.
MS SmartScreen Defender still shows a warning with "Unknown Publisher" for the signed executable. Probably this data is taken from the .exe directly, and could be added as described here: https://pyinstaller.readthedocs.io/en/stable/usage.html#capturing-windows-version-data. This info, together with the bundle hash sum, should convince users that Unfortunately, I can't get it to work with the current PyInstaller stable version; I should try it once 4.0 is released.
The Defender warning might also be related to the "MOTW" flag of the exe that might be set on downloading of the release. To analyze this, https://github.com/nmantani/PS-MOTW might be helpful.
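The MOTW (Mark of the Web) mentioned in the comment above is stored as an NTFS alternate data stream named Zone.Identifier on the downloaded file. As an added example that is not part of this thread or the project's code, the following Python reads and parses that stream; the sample content and the example.invalid URL are constructed for illustration.

```python
import configparser
import sys

# Names of the URL security zones that can appear as ZoneId.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Parse the INI-style content of a Zone.Identifier stream.

    Returns a dict with zone_id, zone, host_url and referrer_url, or None
    when there is no usable [ZoneTransfer] section.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    try:
        parser.read_string(text.lstrip("\ufeff"))
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", ""))
    except ValueError:
        return None
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "Unknown"),
        "host_url": section.get("HostUrl"),
        "referrer_url": section.get("ReferrerUrl"),
    }


def read_motw(path):
    """Read the mark from a file on NTFS (Windows only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


# Constructed sample of the stream content for a downloaded file.
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/bundle.zip\r\n"

if __name__ == "__main__":
    mark = read_motw(sys.argv[1]) if len(sys.argv) > 1 else parse_zone_identifier(SAMPLE)
    print(mark or "no Mark of the Web found")
```

Run it with the path to a downloaded release file on Windows to see whether the file carries the mark and which zone it records.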
Code signing the timerecord.exe should prevent "Unknown publisher" dialogs or at least display a name related to this GitHub project (since only self-signing seems to be free nowadays).
https://github.com/pyinstaller/pyinstaller/wiki/Recipe-Win-Code-Signing
https://stackoverflow.com/a/51443366
https://www.cryptosys.net/pki/manpki/pki_distnames.html
Since this only signs the executable, it might be prudent to provide a hash sum for the individual bundle zips.
Signing .bat files is not possible, so there should be at least some docs explaining how to cope with it when listing or exporting stage times: https://superuser.com/questions/470463/how-to-sign-a-windows-batch-bat-file