haskell-platform icon indicating copy to clipboard operation
haskell-platform copied to clipboard
verified publisher icon haskell

Security issue in installing Haskell platform in MS Windows - Installer not digitally signed

Open r0ml opened this issue 11 years ago • 3 comments

The Haskell platform installer for Microsoft Windows should be digitally signed using a certificate from a reputed certificate organization (Verisign, entrust etc.) The mozilla firefox is signed this way. Any software distributed through internet is signed this way to avoid modification by replacement by an intermediary.

If it is not possible to sign the platform installer then publish the md5 checksum along with the link to download platform installer. (However, windows users are slightly less used to this approach.)

r0ml avatar Mar 20 '14 19:03 r0ml

Note to self: provide an MD5 sig when releasing an installer.

r0ml avatar Mar 20 '14 19:03 r0ml

This is relevant:

http://stackoverflow.com/questions/10581570/setting-the-uac-publisher-field-for-a-nsis-installer/10587106#10587106

r0ml avatar Mar 20 '14 19:03 r0ml

We're already doing the checksum now afaik. @randen do you have thoughts on if signing is important or knowledge on if we've addressed this already?

gbaz avatar Oct 13 '15 16:10 gbaz