notes icon indicating copy to clipboard operation
notes copied to clipboard

Published 20 hours ago verified publisher icon nuttyartist

Automatically signing our Windows installers

Open nuttyartist opened this issue 6 years ago • 3 comments

For the best experience for our Windows users, we should sign our installers through a legit certificate. The best way will be to do it automatically using AppVeyor.

Steps:

  • Check if it's feasible to do so with AppVeyor.
  • Buy certificate.
  • Integrate it into AppVeyor.

nuttyartist avatar Sep 05 '17 18:09 nuttyartist

I'm currently signing Tiled releases for Windows using SignPath. They contacted me directly about this possibility, but in general you can contact them to request signing of open source software according to their pricing page.

The way it currently works is that they pull the artifact(s) from AppVeyor, then you approve them for signing and shortly afterwards you can retrieve the signed versions from them. It's easy to set up and avoids paying for a certificate, but the users will see SignPath instead of you as the publisher.

bjorn avatar Feb 05 '20 08:02 bjorn

Sounds like a good enough alternative, but 18$ per month? - 216$ per year? That's a whole lot. Did I read it right?

nuttyartist avatar Feb 05 '20 09:02 nuttyartist

Sounds like a good enough alternative, but 18$ per month? - 216$ per year? That's a whole lot. Did I read it right?

Open source projects are invited to contact them, and will in general receive the service for free I think.

bjorn avatar Feb 05 '20 09:02 bjorn