Windows build needs to be signed, too #23

Open
justvanrossum opened this issue Mar 20, 2023 · 3 comments
Comments

@justvanrossum
Collaborator

We need to figure out:

  • how to do it
  • how to get a certificate
@justvanrossum
Collaborator Author

The current build can be run, but the Windows malware detector ("Defender") flags it as malware, and you have to take some steps before it can be run.

@ftCLI

ftCLI commented May 22, 2023

I came across the same issue and found the solution in this e-book: https://www.pythonguis.com/packaging-book/

The main decision you have is between Standard Validation and Extended
Validation. Both are sufficient to sign executables, with EV required only for
drivers. That said, EV is the only way to guarantee that no warnings are
shown — with a normal validation cert you need to accrue "reputation" by
having the software installed on a sufficient number of (internet connected)
machines (that report their installs). If that sounds like too high a bar for
your software, you may want to consider EV.

A list of certificate providers can be found on this page: https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-cert-manage

Also: https://comodosslstore.com/code-signing

To sign executables: https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
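
Added example, not part of the original comments or the project's build scripts: a PowerShell build step that signs the executable with signtool and fails the build unless the signature validates. It assumes signtool.exe (Windows SDK) is on PATH and the code-signing certificate is in the current user's certificate store; the parameter names and the values passed to them are hypothetical placeholders.

```powershell
# Added example: sign a Windows build with signtool, then verify the result.
# Assumptions (not from the thread): signtool.exe is on PATH, the signing
# certificate is in the current user's store, all parameter values are placeholders.
param(
    [Parameter(Mandatory)] [string] $ExePath,       # build output to sign
    [Parameter(Mandatory)] [string] $Thumbprint,    # SHA-1 thumbprint of the signing certificate
    [Parameter(Mandatory)] [string] $TimestampUrl   # RFC 3161 timestamp URL given by your CA
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
    throw "File not found: $ExePath"
}

# Sign with a SHA-256 file digest and an RFC 3161 timestamp, so the signature
# stays valid after the certificate itself expires.
& signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $ExePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify against the default Authenticode policy (/pa), as Windows would.
& signtool.exe verify /pa /v $ExePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }

# Independent check with the built-in cmdlet: require a valid signature,
# made with the expected certificate, and carrying a timestamp.
$sig = Get-AuthenticodeSignature -LiteralPath $ExePath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Thumbprint -ne ($Thumbprint -replace '\s', '')) {
    throw "Signed with unexpected certificate $($sig.SignerCertificate.Thumbprint)"
}
if ($null -eq $sig.TimeStamperCertificate) {
    throw 'Signature has no timestamp; it stops validating when the certificate expires.'
}
"Signed by: $($sig.SignerCertificate.Subject)"
```

A `Valid` status only confirms the signature itself; as the passage quoted above notes, a standard validation certificate still has to accrue reputation before the warnings go away.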

@justvanrossum
Collaborator Author

Thank you, that is very useful information!
